[2013/11/07 14:24:51.887463, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:51.887853, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 155 (position 155) from bitmap [2013/11/07 14:24:51.888103, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 155 [2013/11/07 14:24:51.888351, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:51.888658, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:51.888893, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:51.889097, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:51.889343, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 9D63E5BF [2013/11/07 14:24:51.889576, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7fb14a0 [2013/11/07 14:24:51.889948, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:51.890068, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '9D63E5BF' stored [2013/11/07 14:24:51.890277, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x9d63e5bf (2640569791) open_persistent_id : 0x000000009d63e5bf (2640569791) open_volatile_id : 0x00000000fd288e4a (4247293514) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:52 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:51.893008, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 9D63E5BF [2013/11/07 14:24:51.893224, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:51.893499, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:51.893715, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:51.893827, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x9d63e5bf) stored [2013/11/07 14:24:51.894027, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0xfd288e4a (4247293514) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x9d63e5bf (2640569791) open_persistent_id : 0x000000009d63e5bf (2640569791) open_volatile_id : 0x00000000fd288e4a (4247293514) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:52 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:52 2013 CET compat : NULL [2013/11/07 14:24:51.897496, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 4247293514 (2 used) [2013/11/07 14:24:51.897725, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:51.897991, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:51.898215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 9 for pipe \spoolss [2013/11/07 14:24:51.898574, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:51.898927, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:51.899174, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 4247293514 [2013/11/07 14:24:51.899436, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:51.899692, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/156/127 [2013/11/07 14:24:51.902758, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:51.903058, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 156 (position 156) from bitmap [2013/11/07 14:24:51.903283, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 156 [2013/11/07 14:24:51.903637, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:51.903855, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 156, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:51.904060, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 4247293514 [2013/11/07 14:24:51.904275, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:51.904664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:51.904868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:51.905072, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:51.905276, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:51.905504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:51.905701, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:51.905909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:51.906105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:51.906303, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:51.906510, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:51.906735, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:51.911949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:51.912157, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:51.912362, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:51.912623, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:51.912834, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:51.913039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 10 for pipe \spoolss [2013/11/07 14:24:51.913349, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:51.916626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:51.917868, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:51.918087, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/157/127 [2013/11/07 14:24:51.920811, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:51.921160, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 157 (position 157) from bitmap [2013/11/07 14:24:51.921529, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 157 [2013/11/07 14:24:51.921790, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:51.922008, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 157, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:51.922215, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 4247293514 [2013/11/07 14:24:51.922481, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:51.922699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:51.922914, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:51.924115, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:51.924324, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:51.924625, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/158/127 [2013/11/07 14:24:51.927041, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:51.927342, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 158 (position 158) from bitmap [2013/11/07 14:24:51.927570, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 158 [2013/11/07 14:24:51.927824, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:51.928039, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 158, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:51.928243, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4247293514 [2013/11/07 14:24:51.928533, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:24:51.928737, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:24:51.928941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:24:51.929140, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:24:51.929375, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:51.929621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:51.929822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:51.930020, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:24:51.930226, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:51.930423, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:51.930620, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:24:51.930827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:51.931046, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:24:51.935136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:51.935339, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:51.935548, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:51.935802, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:51.936012, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:51.937275, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:51.938160, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:51.938370, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:51.938582, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:51.938812, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:51.941921, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:51.942142, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.942550, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:51.942844, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:51.943209, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:51.943501, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 2 printer handles active [2013/11/07 14:24:51.943705, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.944078, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.944523, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:51.944771, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:51.945360, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:51.945608, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:51.945698, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:51.945780, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:51.945915, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:51.946024, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:51.946532, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:51.946618, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:51.946721, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:51.946804, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:51.946884, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:51.946964, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:51.947207, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:51.947293, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:51.947380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:51.947460, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:51.947545, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.947625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:51.947753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:51.947858, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:51.947944, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 03 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.948100, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000103-0000-0000-7b52-a3947f2c0000 result : WERR_OK [2013/11/07 14:24:51.948528, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000103-0000-0000-7b52-a3947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:51.949640, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.949799, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:51.949881, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:51.949966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:51.950045, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:51.950129, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.950208, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:51.950321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:51.950423, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:51.950505, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:51.950589, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:51.950669, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:51.950754, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.950833, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:51.950938, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:51.951039, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:51.951120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:51.951204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:51.951297, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:51.951382, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.951460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:51.951562, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:51.951666, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:51.951747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:51.951831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:51.951911, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:51.951996, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.952075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:51.952203, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:51.952285, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:51.952370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:51.952491, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:51.952582, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.952662, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:51.952772, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:51.952855, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:51.952940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:51.953035, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:51.953123, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.953202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:51.953321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:51.953426, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:51.953508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:51.953594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.953674, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.953762, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.953841, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.953966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.954069, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:51.954155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:51.954239, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:51.954322, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:51.954406, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:51.954489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:51.954571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:51.954656, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.954823, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000104-0000-0000-7b52-a3947f2c0000 result : WERR_OK [2013/11/07 14:24:51.955182, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000104-0000-0000-7b52-a3947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:51.955956, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.956104, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.956186, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:51.956268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:51.956352, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.956572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:51.956659, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:51.956743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:51.956827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:51.956926, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:51.957011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:51.957095, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:51.957180, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:51.957265, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:51.957377, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:51.957462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:51.957548, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:51.957632, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:51.957720, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:51.958183, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000104-0000-0000-7b52-a3947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:51.958993, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.959159, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.959240, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:51.959328, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:51.969754, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000104-0000-0000-7b52-a3947f2c0000 [2013/11/07 14:24:51.970043, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.970210, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.970360, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:51.970446, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:51.970529, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:51.970868, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000103-0000-0000-7b52-a3947f2c0000 [2013/11/07 14:24:51.971148, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.971299, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.971449, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:51.971531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:51.971635, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:51.971969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:51.972060, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:51.972142, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:51.972221, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:51.972314, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:51.972446, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:51.972530, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:51.972610, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:51.972693, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:51.972777, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:51.972932, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:51.973025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:51.973109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:51.973242, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:51.973360, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:51.973872, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:51.973957, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:51.974046, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:51.974129, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:51.974210, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:51.974290, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:51.974526, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:51.974611, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:51.974712, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:51.974793, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:51.974877, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.974956, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:51.975079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:51.975180, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:51.975268, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 05 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.975423, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000105-0000-0000-7b52-a3947f2c0000 result : WERR_OK [2013/11/07 14:24:51.975833, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000105-0000-0000-7b52-a3947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:51.976879, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.977036, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:51.977133, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:51.977217, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:51.977310, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:51.977395, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.977475, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:51.977587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:51.977688, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:51.977770, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:51.977854, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:51.977934, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:51.978017, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.978096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:51.978201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:51.978301, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:51.978384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:51.978471, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:51.978551, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:51.978635, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.978714, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:51.978817, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:51.978931, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:51.979014, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:51.979100, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:51.979180, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:51.979265, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.979344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:51.979466, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:51.979549, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:51.979634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:51.979714, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:51.979801, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.979880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:51.979987, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:51.980069, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:51.980156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:51.980236, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:51.980324, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.980466, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:51.980575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:51.980690, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:51.980774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:51.980859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.980940, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.981030, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:51.981110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.981236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:51.981379, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:51.981465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:51.981548, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:51.981633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:51.981715, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:51.981798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:51.981881, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:51.981965, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 06 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.982114, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000106-0000-0000-7b52-a3947f2c0000 result : WERR_OK [2013/11/07 14:24:51.982453, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:51.982564, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000106-0000-0000-7b52-a3947f2c0000 [2013/11/07 14:24:51.982846, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.982997, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.983147, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:51.983229, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:51.983311, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:51.983648, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000105-0000-0000-7b52-a3947f2c0000 [2013/11/07 14:24:51.983928, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.984078, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:51.984228, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:51.984309, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:51.984443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:51.984781, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:51.984887, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000102-0000-0000-7b52-a3947f2c0000 result : WERR_OK [2013/11/07 14:24:51.985214, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:51.985326, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:51.985413, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:51.985907, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:24:51.985991, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:51.986076, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:51.986159, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:51.986255, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:51.987187, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:51.987280, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:51.987375, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:51.987463, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:51.987547, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:51.987634, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/159/127 [2013/11/07 14:24:51.991888, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:51.992199, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 159 (position 159) from bitmap [2013/11/07 14:24:51.992559, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 159 [2013/11/07 14:24:51.992810, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:51.993029, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 159, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:51.993235, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4247293514 [2013/11/07 14:24:51.993554, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:51.993757, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:51.993961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:51.994162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:51.994364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:51.994569, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:51.994766, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:51.994963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:51.995177, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:51.995420, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:51.995620, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:51.995831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:51.996056, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:52.020178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:52.020266, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:52.020359, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.020475, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.020560, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:52.021046, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:52.021402, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:52.021488, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:52.021575, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:52.021678, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000102-0000-0000-7b52-a3947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:52.038573, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.038726, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.038875, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:52.039053, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:52.039147, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:52.039230, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:52.039370, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:52.039485, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.039996, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.040081, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.040169, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:52.040251, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.040331, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:52.040466, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:52.040712, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.040815, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:52.040902, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.040982, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.041066, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.041145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.041274, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.041414, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.041503, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 07 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.041656, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000107-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.042020, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000107-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.043030, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.043201, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.043283, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:52.043367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.043447, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.043531, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.043610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.043721, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.043822, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.043905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.043988, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.044068, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.044152, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.044231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.044336, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.044480, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.044564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.044648, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.044727, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.044811, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.044890, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.044991, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.045112, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.045193, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.045292, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.045375, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.045463, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.045541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.045667, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.045749, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.045834, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.045916, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.046005, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.046084, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.046193, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.046275, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.046362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.046442, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.046530, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.046608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.046712, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.046828, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.046910, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.046996, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.047077, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.047164, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.047243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.047368, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.047471, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.047557, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.047640, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.047725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.047807, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.047889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.047972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.048056, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.048205, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.048592, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:52.049077, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.049313, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.049399, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.049520, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.049606, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.049689, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.049773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.049857, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.049941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.050025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.050110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.050194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.050279, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.050364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.050449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.050547, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.050633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.050738, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:52.051725, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.052612, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.052761, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.052850, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.053768, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.054606, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.054754, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.054841, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:52.055633, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.056522, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.056674, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.056761, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:52.057846, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.058706, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.058855, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.058942, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.059805, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.060688, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.060837, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.060924, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:52.063115, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.063995, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.064147, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.064234, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.065814, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.066673, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.066822, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.066909, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:52.068303, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.069176, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.069352, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.069439, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.070305, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.071152, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.071300, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.071386, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.081744, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.082595, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.082757, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.082845, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.084318, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.085193, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.085355, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.085456, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.086321, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.087185, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.087334, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.087421, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.088331, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.089217, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.089396, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.089486, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.090408, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.091194, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.091343, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.091425, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.091513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:52.091594, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:52.092055, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.092590, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.092673, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.092758, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.092839, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.092922, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.093001, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.093123, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.093241, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.093343, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 09 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.093497, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000109-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.093842, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000109-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.094844, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.095000, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.095082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.095166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.095246, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.095329, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.095408, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.095531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.095631, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.095713, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.095797, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.095877, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.095961, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.096039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.096145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.096245, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.096328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.096442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.096522, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.096607, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.096686, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.096788, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.096889, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.096970, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.097056, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.097135, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.097221, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.097327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.097451, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.097534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.097621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.097701, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.097789, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.097868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.097976, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.098059, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:52.098143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.098225, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.098315, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.098394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.098500, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.098602, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.098686, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:52.098771, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.098852, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.098953, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.099033, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.099146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.099249, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.099412, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:52.099498, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:52.099582, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.099664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.099748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.099831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.099915, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.100067, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010a-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.100443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010a-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.101237, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.101423, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.101506, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.101588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.101672, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.101784, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.101869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.101953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.102036, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.102120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.102204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.102288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.102372, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.102457, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.102541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.102626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.102710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.102795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.102896, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:52.103350, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010a-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.104239, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.104415, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.104501, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.104589, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.115081, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010a-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.115369, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.115521, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.115669, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.115756, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.115840, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.116178, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000109-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.116491, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.116659, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.116808, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.116891, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.116973, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.117344, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000108-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.117625, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.117773, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.117920, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.118008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:52.118090, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.118425, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000107-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.118705, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.118871, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.119021, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.119105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:52.119211, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.119552, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:52.119772, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:52.131278, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:52.131400, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:52.131492, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.131997, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:52.132082, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:52.132166, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:52.132251, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:52.132349, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:52.150792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2013/11/07 14:24:52.150878, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK [2013/11/07 14:24:52.150967, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW [2013/11/07 14:24:52.151052, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:52.151140, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/160/127 [2013/11/07 14:24:52.152970, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.153100, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 160 (position 160) from bitmap [2013/11/07 14:24:52.153186, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 160 [2013/11/07 14:24:52.153314, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.153409, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 160, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.153492, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 4247293514 [2013/11/07 14:24:52.153665, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 3112 [2013/11/07 14:24:52.153752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2013/11/07 14:24:52.153841, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.154356, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. There is more data outstanding [2013/11/07 14:24:52.154460, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:52.154587, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/161/127 [2013/11/07 14:24:52.158317, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.158649, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 161 (position 161) from bitmap [2013/11/07 14:24:52.158870, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 161 [2013/11/07 14:24:52.159114, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.159332, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 161, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.159539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4247293514 [2013/11/07 14:24:52.159758, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:52.159960, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:52.160163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:52.160363, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:52.160643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:52.160866, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:52.161064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.161262, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:52.161535, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:52.161733, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.161931, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:52.162187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:52.162435, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:52.187183, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:52.187267, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:52.187359, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.187449, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.187534, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:52.188019, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:52.188366, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:52.188511, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:52.188598, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:52.188688, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000102-0000-0000-7b52-a3947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:52.205701, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.205872, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.206021, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:52.206200, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:52.206293, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:52.206377, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:52.206520, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:52.206637, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.207150, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.207236, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.207324, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:52.207406, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.207487, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:52.207567, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:52.207816, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.207903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:52.207990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.208071, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.208171, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.208250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.208378, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.208545, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.208634, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.208788, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010b-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.209151, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010b-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.210207, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.210367, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.210450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:52.210534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.210631, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.210715, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.210794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.210906, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.211007, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.211089, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.211173, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.211252, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.211336, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.211415, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.211522, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.211622, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.211703, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.211787, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.211867, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.211950, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.212029, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.212131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.212234, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.212316, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.212450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.212536, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.212624, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.212703, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.212831, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.212914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.212999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.213081, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.213170, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.213250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.213373, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.213455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.213542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.213622, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.213710, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.213789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.213893, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.213996, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.214079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.214179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.214259, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.214347, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.214426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.214552, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.214826, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.214915, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.214999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.215085, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.215168, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.215250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.215334, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.215419, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.215571, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.215930, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:52.216460, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.216620, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.216704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.216825, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.216911, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.216994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.217078, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.217162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.217246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.217347, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.217431, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.217516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.217601, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.217686, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.217771, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.217856, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.217941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.218062, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:52.219059, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.219911, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.220062, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.220150, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.221094, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.221970, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.222120, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.222211, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:52.223010, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.223872, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.224023, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.224110, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:52.225172, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.226030, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.226179, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.226281, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.227146, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.228002, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.228151, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.228237, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:52.230460, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.231304, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.231455, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.231559, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.233113, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.233987, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.234136, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.234239, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:52.235640, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.236515, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.236664, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.236750, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.237645, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.238493, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.238642, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.238728, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.249107, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.250032, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.250183, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.250270, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.251760, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.252634, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.252784, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.252872, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.253760, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.254619, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.254767, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.254853, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.255721, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.256620, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.256768, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.256853, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.257799, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.258568, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.258730, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.258812, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.258900, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:52.258980, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:52.259438, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.259943, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.260025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.260110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.260190, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.260273, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.260351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.260498, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.260599, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.260687, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 0D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.260854, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010d-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.261198, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010d-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.262210, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.262366, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.262448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.262533, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.262612, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.262696, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.262774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.262884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.262984, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.263066, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.263163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.263243, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.263326, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.263405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.263510, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.263609, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.263692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.263776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.263855, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.263938, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.264016, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.264118, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.264218, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.264300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.264409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.264493, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.264579, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.264658, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.264781, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.264877, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.264964, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.265044, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.265132, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.265211, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.265332, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.265415, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:52.265499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.265581, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.265670, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.265749, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.265855, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.265957, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.266040, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:52.266134, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.266215, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.266302, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.266381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.266494, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.266610, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.266694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:52.266778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:52.266862, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.266945, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.267028, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.267111, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.267195, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.267346, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010e-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.267698, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010e-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.268497, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.268649, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.268744, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.268828, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.268911, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.269017, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.269102, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.269187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.269271, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.269390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.269474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.269558, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.269643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.269728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.269813, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.269898, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.269983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.270068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.270155, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:52.270629, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010e-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.271438, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.271590, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.271672, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.271759, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.282061, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010e-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.282344, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.282494, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.282641, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.282727, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.282809, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.283146, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010d-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.283424, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.283575, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.283724, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.283820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.283902, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.284241, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010c-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.284552, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.284701, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.284847, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.284934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:52.285016, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.285369, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010b-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.285647, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.285799, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.285949, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.286047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:52.286152, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.286491, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:52.286708, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:52.298113, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:52.298233, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:52.298325, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.298827, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:52.298912, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:52.298997, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:52.299082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:52.299180, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:52.317892, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:52.318031, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:52.318115, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:52.318204, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:52.318288, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:52.318375, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/162/127 [2013/11/07 14:24:52.323451, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.323807, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 162 (position 162) from bitmap [2013/11/07 14:24:52.324025, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 162 [2013/11/07 14:24:52.324276, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.324784, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 162, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.324991, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 4247293514 [2013/11/07 14:24:52.325222, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:24:52.325456, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:24:52.325679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:24:52.325880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:24:52.326083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:52.326363, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:52.326578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:52.326777, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:24:52.327033, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:52.327232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:52.327430, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:24:52.327637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:52.327861, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.330483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:52.330704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:52.330912, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.331135, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.331343, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:52.332607, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:52.333475, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:52.333737, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:24:52.333956, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:24:52.334167, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000102-0000-0000-7b52-a3947f2c0000 [2013/11/07 14:24:52.334868, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.335243, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.335611, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 01 00 00 00 00 00 00 7B 52 A3 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.335975, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.336178, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.337117, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:52.337401, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:52.337612, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.338848, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:24:52.339054, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:52.339264, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:52.339505, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:52.339738, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:24:52.341715, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:24:52.341823, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:52.341904, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:52.341991, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:52.342074, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:52.342160, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/163/127 [2013/11/07 14:24:52.342348, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.342439, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 163 (position 163) from bitmap [2013/11/07 14:24:52.342522, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 163 [2013/11/07 14:24:52.342622, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.342714, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:52.342809, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:52.342906, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:52.342992, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key C15EC750 [2013/11/07 14:24:52.343088, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb8468a78 [2013/11/07 14:24:52.343207, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:52.343254, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key 'C15EC750' stored [2013/11/07 14:24:52.343336, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xc15ec750 (3244214096) open_persistent_id : 0x00000000c15ec750 (3244214096) open_volatile_id : 0x00000000d4e442fe (3571729150) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:52 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:52.344336, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key C15EC750 [2013/11/07 14:24:52.344469, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:52.344551, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:52.344634, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:52.344678, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0xc15ec750) stored [2013/11/07 14:24:52.344758, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0xd4e442fe (3571729150) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xc15ec750 (3244214096) open_persistent_id : 0x00000000c15ec750 (3244214096) open_volatile_id : 0x00000000d4e442fe (3571729150) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:52 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:52 2013 CET compat : NULL [2013/11/07 14:24:52.346106, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 3571729150 (3 used) [2013/11/07 14:24:52.346197, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:52.346307, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:52.346398, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 11 for pipe \spoolss [2013/11/07 14:24:52.346548, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:52.346633, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:52.346733, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 3571729150 [2013/11/07 14:24:52.346836, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:52.346931, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/164/127 [2013/11/07 14:24:52.348014, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.348156, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 164 (position 164) from bitmap [2013/11/07 14:24:52.348242, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 164 [2013/11/07 14:24:52.348361, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.348485, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 4247293514 [2013/11/07 14:24:52.348579, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:52.348660, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:52.348746, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 9D63E5BF [2013/11/07 14:24:52.348839, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb854cba8 [2013/11/07 14:24:52.348932, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 9D63E5BF [2013/11/07 14:24:52.349015, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:52.349094, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:52.349199, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 4247293514 (2 used) [2013/11/07 14:24:52.349447, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:24:52.349667, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/165/127 [2013/11/07 14:24:52.351364, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.351633, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 165 (position 165) from bitmap [2013/11/07 14:24:52.351946, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 165 [2013/11/07 14:24:52.352202, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.352478, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 165, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.352712, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 3571729150 [2013/11/07 14:24:52.352929, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:52.353131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:52.353387, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:52.353633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:52.353839, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:52.354037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:52.354235, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:52.354441, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:52.354639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:52.354837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:52.355044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:52.355267, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:52.360513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:52.360725, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:52.360933, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:52.361134, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:52.361365, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:52.361573, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 11 for pipe \spoolss [2013/11/07 14:24:52.361834, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:52.364876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.365761, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:52.365849, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/166/127 [2013/11/07 14:24:52.366776, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.366883, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 166 (position 166) from bitmap [2013/11/07 14:24:52.366967, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 166 [2013/11/07 14:24:52.367063, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.367149, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 166, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.367240, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 3571729150 [2013/11/07 14:24:52.367330, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:52.367422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:52.367515, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.368005, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:52.368089, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:52.368173, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/167/127 [2013/11/07 14:24:52.369645, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.369970, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 167 (position 167) from bitmap [2013/11/07 14:24:52.370227, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 167 [2013/11/07 14:24:52.370490, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.370707, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 167, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.370914, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:52.371130, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 1452 [2013/11/07 14:24:52.371333, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1452 [2013/11/07 14:24:52.371537, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1452 [2013/11/07 14:24:52.371737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1452 [2013/11/07 14:24:52.371939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 1452, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:52.372144, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:52.372341, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1436 [2013/11/07 14:24:52.372619, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1436 [2013/11/07 14:24:52.372869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:52.373069, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1436 [2013/11/07 14:24:52.373266, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1436, incoming data = 1436 [2013/11/07 14:24:52.373502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:52.373787, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x05ac (1452) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000594 (1428) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1428 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 04 00 02 00 04 00 00 00 r.1..... ........ [0040] 00 00 00 00 04 00 00 00 52 00 41 00 57 00 00 00 ........ R.A.W... [0050] D4 04 00 00 08 00 02 00 D4 04 00 00 5C 00 5C 00 ........ ....\.\. [0060] 53 00 4C 00 41 00 56 00 45 00 52 00 5C 00 73 00 S.L.A.V. E.R.\.s. [0070] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 p.r.i.n. t.e.r.1. [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 01 04 03 06 ........ ........ [00A0] DC 00 F8 03 43 AF 00 02 01 00 09 00 9A 0B 34 08 ....C... ......4. [00B0] 64 00 01 00 0F 00 58 02 02 00 01 00 58 02 03 00 d.....X. ....X... [00C0] 01 00 41 00 34 00 00 00 00 00 00 00 00 00 00 00 ..A.4... ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 01 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 ........ ........ [0120] 01 00 00 00 FF FF FF FF 47 49 53 34 00 00 00 00 ........ GIS4.... [0130] 00 00 00 00 00 00 00 00 44 49 4E 55 22 00 80 01 ........ DINU"... [0140] DC 03 1C 00 7B 11 F1 64 00 00 00 00 00 00 00 00 ....{..d ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 0D 00 00 00 01 00 00 00 00 00 00 00 ........ ........ [0170] 01 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 80 01 00 00 53 4D 54 4A 00 00 00 00 ........ SMTJ.... [03A0] 10 00 70 01 7B 00 39 00 31 00 32 00 35 00 42 00 ..p.{.9. 1.2.5.B. [03B0] 45 00 32 00 31 00 2D 00 44 00 45 00 41 00 42 00 E.2.1.-. D.E.A.B. [03C0] 2D 00 34 00 44 00 39 00 30 00 2D 00 41 00 31 00 -.4.D.9. 0.-.A.1. [03D0] 43 00 31 00 2D 00 30 00 42 00 32 00 34 00 30 00 C.1.-.0. B.2.4.0. [03E0] 43 00 46 00 42 00 38 00 45 00 46 00 31 00 7D 00 C.F.B.8. E.F.1.}. [03F0] 00 00 49 6E 70 75 74 42 69 6E 00 41 55 54 4F 00 ..InputB in.AUTO. [0400] 52 45 53 44 4C 4C 00 55 6E 69 72 65 73 44 4C 4C RESDLL.U niresDLL [0410] 00 4A 6F 62 4E 55 70 41 6C 6C 44 6F 63 75 6D 65 .JobNUpA llDocume [0420] 6E 74 73 43 6F 6E 74 69 67 75 6F 75 73 6C 79 00 ntsConti guously. [0430] 31 00 4F 72 69 65 6E 74 61 74 69 6F 6E 00 50 4F 1.Orient ation.PO [0440] 52 54 52 41 49 54 00 43 6F 6C 6C 61 74 65 00 4F RTRAIT.C ollate.O [0450] 4E 00 52 65 73 6F 6C 75 74 69 6F 6E 00 72 36 30 N.Resolu tion.r60 [0460] 30 78 36 30 30 00 43 6F 6C 6F 72 4D 6F 64 65 00 0x600.Co lorMode. [0470] 43 6F 6C 6F 72 00 50 61 70 65 72 53 69 7A 65 00 Color.Pa perSize. [0480] 41 34 00 4D 65 64 69 61 54 79 70 65 00 53 54 41 A4.Media Type.STA [0490] 4E 44 41 52 44 00 48 61 6C 66 74 6F 6E 65 00 48 NDARD.Ha lftone.H [04A0] 54 5F 50 41 54 53 49 5A 45 5F 41 55 54 4F 00 50 T_PATSIZ E_AUTO.P [04B0] 61 67 65 42 6F 72 64 65 72 6C 65 73 73 00 4E 6F ageBorde rless.No [04C0] 6E 65 00 50 61 67 65 4F 75 74 70 75 74 51 75 61 ne.PageO utputQua [04D0] 6C 69 74 79 00 41 75 74 6F 6D 61 74 69 63 00 4A lity.Aut omatic.J [04E0] 6F 62 50 61 67 65 4F 72 64 65 72 00 53 74 61 6E obPageOr der.Stan [04F0] 64 61 72 64 00 00 00 00 00 00 00 00 00 00 00 00 dard.... ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 1C 00 00 00 56 34 44 4D 01 00 00 00 ........ V4DM.... [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 08 00 00 00 01 00 00 00 01 00 00 00 0C 00 02 00 ........ ........ [0540] 28 00 00 00 10 00 02 00 14 00 02 00 80 25 00 00 (....... .....%.. [0550] 03 00 00 00 00 00 00 00 09 00 00 00 05 00 00 00 ........ ........ [0560] 00 00 00 00 05 00 00 00 57 00 49 00 4E 00 38 00 ........ W.I.N.8. [0570] 00 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ [0580] 46 00 46 00 46 00 5C 00 74 00 65 00 73 00 74 00 F.F.F.\. t.e.s.t. [0590] 38 00 00 00 8... [2013/11/07 14:24:52.382923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:52.383006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:52.383095, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.383183, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.383281, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:52.383762, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:52.384107, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:52.384192, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:52.384278, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:52.384484, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x000004d4 (1236) devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0603 (1539) size : 0x00dc (220) __driverextra_length : 0x03f8 (1016) fields : 0x0200af43 (33599299) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 0: DEVMODE_SCALE 0: DEVMODE_POSITION 1: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 1: DEVMODE_COLOR 0: DEVMODE_DUPLEX 1: DEVMODE_YRESOLUTION 0: DEVMODE_TTOPTION 1: DEVMODE_COLLATE 0: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 1: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_A4 (9) paperlength : 0x0b9a (2970) paperwidth : 0x0834 (2100) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : UNKNOWN_ENUM_VALUE (600) color : DMRES_COLOR (2) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0258 (600) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_TRUE (1) formname : 'A4' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : DMNUP_SYSTEM (1) displayfrequency : 0x00000000 (0) icmmethod : DMICMMETHOD_NONE (1) icmintent : DMICM_CONTRAST (2) mediatype : DMMEDIA_STANDARD (1) dithertype : UNKNOWN_ENUM_VALUE (-1) reserved1 : 0x34534947 (877873479) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=1016 [0000] 44 49 4E 55 22 00 80 01 DC 03 1C 00 7B 11 F1 64 DINU"... ....{..d [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 00 ........ ........ [0030] 01 00 00 00 00 00 00 00 01 00 00 00 00 00 03 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 ........ ........ [0260] 53 4D 54 4A 00 00 00 00 10 00 70 01 7B 00 39 00 SMTJ.... ..p.{.9. [0270] 31 00 32 00 35 00 42 00 45 00 32 00 31 00 2D 00 1.2.5.B. E.2.1.-. [0280] 44 00 45 00 41 00 42 00 2D 00 34 00 44 00 39 00 D.E.A.B. -.4.D.9. [0290] 30 00 2D 00 41 00 31 00 43 00 31 00 2D 00 30 00 0.-.A.1. C.1.-.0. [02A0] 42 00 32 00 34 00 30 00 43 00 46 00 42 00 38 00 B.2.4.0. C.F.B.8. [02B0] 45 00 46 00 31 00 7D 00 00 00 49 6E 70 75 74 42 E.F.1.}. ..InputB [02C0] 69 6E 00 41 55 54 4F 00 52 45 53 44 4C 4C 00 55 in.AUTO. RESDLL.U [02D0] 6E 69 72 65 73 44 4C 4C 00 4A 6F 62 4E 55 70 41 niresDLL .JobNUpA [02E0] 6C 6C 44 6F 63 75 6D 65 6E 74 73 43 6F 6E 74 69 llDocume ntsConti [02F0] 67 75 6F 75 73 6C 79 00 31 00 4F 72 69 65 6E 74 guously. 1.Orient [0300] 61 74 69 6F 6E 00 50 4F 52 54 52 41 49 54 00 43 ation.PO RTRAIT.C [0310] 6F 6C 6C 61 74 65 00 4F 4E 00 52 65 73 6F 6C 75 ollate.O N.Resolu [0320] 74 69 6F 6E 00 72 36 30 30 78 36 30 30 00 43 6F tion.r60 0x600.Co [0330] 6C 6F 72 4D 6F 64 65 00 43 6F 6C 6F 72 00 50 61 lorMode. Color.Pa [0340] 70 65 72 53 69 7A 65 00 41 34 00 4D 65 64 69 61 perSize. A4.Media [0350] 54 79 70 65 00 53 54 41 4E 44 41 52 44 00 48 61 Type.STA NDARD.Ha [0360] 6C 66 74 6F 6E 65 00 48 54 5F 50 41 54 53 49 5A lftone.H T_PATSIZ [0370] 45 5F 41 55 54 4F 00 50 61 67 65 42 6F 72 64 65 E_AUTO.P ageBorde [0380] 72 6C 65 73 73 00 4E 6F 6E 65 00 50 61 67 65 4F rless.No ne.PageO [0390] 75 74 70 75 74 51 75 61 6C 69 74 79 00 41 75 74 utputQua lity.Aut [03A0] 6F 6D 61 74 69 63 00 4A 6F 62 50 61 67 65 4F 72 omatic.J obPageOr [03B0] 64 65 72 00 53 74 61 6E 64 61 72 64 00 00 00 00 der.Stan dard.... [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 1C 00 00 00 ........ ........ [03E0] 56 34 44 4D 01 00 00 00 00 00 00 00 00 00 00 00 V4DM.... ........ [03F0] 00 00 00 00 00 00 00 00 ........ access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:52.392637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:52.392730, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.392881, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:52.392998, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:52.393156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:52.393273, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 2 printer handles active [2013/11/07 14:24:52.393368, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.393519, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.393668, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:52.393771, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:52.393993, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:52.394152, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:52.394243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:52.394326, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:52.394458, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:52.394583, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.395088, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.395173, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.395261, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:52.395342, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.395421, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:52.395500, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:52.395738, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.395823, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:52.395909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.395989, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.396072, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.396151, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.396278, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.396381, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.396533, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 10 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.396686, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000110-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.397060, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000110-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.398073, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.398224, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.398306, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:52.398390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.398469, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.398553, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.398631, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.398744, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.398845, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.398927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.399011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.399090, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.399187, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.399267, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.399372, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.399472, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.399553, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.399637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.399716, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.399800, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.399878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.399980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.400158, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.400243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.400328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.400440, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.400527, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.400606, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.400733, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.400816, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.400901, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.400983, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.401086, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.401166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.401276, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.401388, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.401474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.401555, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.401643, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.401723, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.401831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.401935, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.402018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.402104, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.402185, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.402272, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.402351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.402478, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.402581, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.402668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.402768, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.402852, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.402934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.403017, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.403100, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.403185, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.403337, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000111-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.403695, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000111-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.404588, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.404739, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.404822, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.404905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.405003, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.405127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.405214, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.405319, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.405404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.405489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.405574, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.405658, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.405743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.405828, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.405914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.405999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.406084, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.406169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.406257, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:52.406714, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000111-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.407539, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.407688, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.407770, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.407857, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.418465, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000111-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.418756, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.418907, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.419055, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.419142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:52.419225, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.419563, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000110-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.419843, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.419992, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 10 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.420141, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.420222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:52.420323, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.420731, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:52.420823, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:52.420904, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:52.420984, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:52.421064, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:52.421144, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:52.421223, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:52.421334, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:52.421418, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:52.421502, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:52.421662, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:52.421753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:52.421836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:52.421969, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:52.422071, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.422575, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.422660, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.422764, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:52.422846, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.422926, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:52.423006, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:52.423237, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.423322, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:52.423407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.423487, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.423569, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.423648, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.423771, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.423872, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.423958, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 12 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.424114, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000112-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.424511, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000112-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.425572, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.425732, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.425815, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:52.425899, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.425979, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.426062, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.426140, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.426253, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.426354, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.426436, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.426521, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.426600, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.426683, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.426762, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.426866, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.426966, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.427049, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.427142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.427222, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.427306, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.427384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.427487, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.427588, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.427669, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.427754, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.427833, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.427919, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.427997, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.428120, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.428202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.428287, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.428368, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.428495, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.428575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.428684, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.428766, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.428851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.428946, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.429034, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.429112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.429216, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.429345, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.429427, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.429513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.429593, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.429680, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.429759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.429884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.429987, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.430073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.430157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.430241, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.430324, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.430407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.430489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.430587, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 13 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.430739, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000113-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.431078, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:52.431177, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000113-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.431457, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.431609, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.431760, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.431842, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:52.431924, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.432261, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000112-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.432580, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.432732, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.432898, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.432980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:52.433077, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.433439, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:52.433548, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.433875, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:52.433975, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:52.434061, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 1436 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 1452 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.434558, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 1452 [2013/11/07 14:24:52.434641, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:52.434726, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:52.434809, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:52.434903, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:52.435848, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:52.435940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:52.436022, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:52.436109, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:52.436193, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:52.436279, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/168/127 [2013/11/07 14:24:52.459493, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.459931, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 168 (position 168) from bitmap [2013/11/07 14:24:52.460177, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 168 [2013/11/07 14:24:52.460584, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.460816, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 168, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.461023, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:52.461243, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:52.461518, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:52.461724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:52.461924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:52.462176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:52.462383, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:52.462581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.462779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:52.462994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:52.463190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.463386, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:52.463595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:52.463822, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:52.488020, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:52.488104, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:52.488197, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.488287, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.488371, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:52.488895, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:52.489241, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:52.489341, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:52.489427, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:52.489517, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:52.506952, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.507107, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.507256, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:52.507426, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:52.507519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:52.507601, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:52.507741, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:52.507857, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.508367, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.508526, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.508614, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:52.508695, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.508775, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:52.508854, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:52.509104, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.509189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:52.509275, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.509387, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.509471, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.509550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.509683, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.509786, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.509875, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.510027, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000114-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.510388, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000114-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.511402, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.511556, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.511638, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:52.511721, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.511800, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.511883, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.511962, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.512072, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.512173, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.512254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.512340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.512462, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.512547, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.512626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.512733, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.512833, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.512928, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.513012, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.513091, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.513174, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.513253, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.513369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.513474, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.513556, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.513640, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.513719, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.513804, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.513883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.514008, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.514091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.514175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.514255, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.514344, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.514422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.514531, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.514613, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.514713, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.514793, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.514881, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.514960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.515063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.515165, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.515247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.515484, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.515567, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.515657, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.515737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.515868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.515973, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.516059, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.516143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.516227, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.516309, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.516426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.516529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.516614, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.516763, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.517120, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:52.517609, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.517765, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.517848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.517969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.518054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.518137, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.518221, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.518305, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.518389, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.518473, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.518573, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.518658, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.518742, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.518827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.518912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.518996, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.519082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.519186, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:52.520167, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.521069, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.521219, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.521340, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.522210, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.523056, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.523204, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.523291, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:52.524092, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.524973, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.525122, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.525208, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:52.526250, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.527090, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.527242, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.527328, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.528190, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.529148, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.529310, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.529400, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:52.531598, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.532472, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.532621, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.532707, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.534220, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.535078, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.535226, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.535313, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:52.536742, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.537614, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.537762, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.537848, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.538715, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.539558, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.539723, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.539810, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.550290, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.551230, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.551379, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.551467, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.552982, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.553856, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.554004, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.554091, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.554952, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.555808, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.555970, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.556057, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.556953, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.557834, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.557983, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.558073, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.559003, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.559773, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.559922, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.560004, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.560091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:52.560172, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:52.560656, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.561161, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.561259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.561357, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.561436, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.561520, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.561599, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.561717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.561820, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.561908, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 16 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.562057, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000116-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.562399, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000116-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.563399, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.563567, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.563649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.563732, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.563811, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.563894, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.563973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.564082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.564181, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.564263, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.564346, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.564455, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.564539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.564618, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.564724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.564824, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.564906, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.564990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.565069, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.565153, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.565232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.565346, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.565460, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.565541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.565627, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.565706, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.565791, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.565869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.565992, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.566074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.566161, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.566241, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.566328, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.566407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.566514, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.566596, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:52.566680, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.566762, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.566851, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.566930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.567035, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.567151, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.567234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:52.567319, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.567399, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.567486, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.567564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.567676, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.567778, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.567862, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:52.567945, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:52.568028, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.568111, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.568194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.568278, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.568361, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 17 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.568540, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000117-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.568889, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000117-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.569704, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.569853, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.569935, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.570018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.570101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.570211, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.570296, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.570380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.570464, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.570548, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.570632, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.570716, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.570800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.570899, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.570983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.571068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.571153, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.571238, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.571323, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:52.571775, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000117-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.572613, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.572762, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.572844, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.572931, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.583283, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000117-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.583566, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.583715, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.583862, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.583948, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.584044, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.584381, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000116-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.584687, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.584840, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.584991, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.585073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.585155, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.585521, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000115-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.585800, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.585950, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.586100, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.586187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:52.586270, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.586619, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000114-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.586897, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.587045, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.587192, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.587274, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:52.587378, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.587715, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:52.587930, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:52.599318, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:52.599441, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:52.599529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.600034, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:52.600118, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:52.600216, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:52.600300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:52.600443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:52.619055, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2013/11/07 14:24:52.619145, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK [2013/11/07 14:24:52.619235, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW [2013/11/07 14:24:52.619320, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:52.619408, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/169/127 [2013/11/07 14:24:52.620675, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.620802, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 169 (position 169) from bitmap [2013/11/07 14:24:52.620903, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 169 [2013/11/07 14:24:52.621009, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.621102, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 169, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.621185, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 3571729150 [2013/11/07 14:24:52.621295, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 3112 [2013/11/07 14:24:52.621403, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2013/11/07 14:24:52.621493, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.622007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. There is more data outstanding [2013/11/07 14:24:52.622092, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:52.622178, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/170/127 [2013/11/07 14:24:52.624487, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.624830, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 170 (position 170) from bitmap [2013/11/07 14:24:52.625063, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 170 [2013/11/07 14:24:52.625410, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.625678, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 170, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.625905, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:52.626153, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:52.626357, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:52.626561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:52.626761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:52.626963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:52.627168, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:52.627409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.627612, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:52.627825, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:52.628022, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.628219, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:52.628490, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:52.628729, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:52.647844, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:52.647928, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:52.648020, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.648110, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.648193, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:52.648700, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:52.649061, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:52.649149, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:52.649235, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:52.649338, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:52.666817, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.666973, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.667122, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:52.667308, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:52.667403, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:52.667486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:52.667629, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:52.667745, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.668256, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.668341, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.668485, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:52.668567, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.668663, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:52.668743, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:52.668993, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.669079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:52.669165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.669245, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.669344, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.669423, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.669553, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.669656, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.669744, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.669897, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000118-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.670258, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000118-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.671273, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.671427, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.671509, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:52.671592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.671671, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.671755, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.671834, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.671944, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.672044, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.672126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.672210, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.672289, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.672372, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.672493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.672599, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.672699, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.672781, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.672865, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.672944, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.673042, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.673121, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.673222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.673341, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.673423, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.673507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.673586, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.673671, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.673750, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.673875, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.673958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.674042, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.674122, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.674210, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.674289, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.674397, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.674479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.674566, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.674646, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.674747, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.674827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.674930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.675032, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.675115, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.675200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.675281, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.675370, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.675449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.675575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.675679, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.675764, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.675847, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.675931, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.676013, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.676096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.676178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.676261, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.676448, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.676811, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:52.677314, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.677472, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.677556, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.677679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.677764, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.677848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.677932, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.678016, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.678101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.678185, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.678270, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.678354, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.678453, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.678539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.678624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.678709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.678794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.678899, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:52.679880, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.680766, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.680916, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.681018, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.681899, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.682743, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.682892, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.682978, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:52.683776, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.684649, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.684798, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.684885, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:52.685915, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.686774, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.686926, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.687013, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.687876, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.688758, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.688920, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.689006, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:52.691237, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.692100, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.692248, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.692334, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.693864, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.694723, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.694871, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.694958, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:52.696356, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.697241, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.697402, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.697488, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.698357, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.699198, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.699349, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.699436, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.710040, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.710912, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.711060, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.711148, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.712663, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.713549, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.713697, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.713788, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.714649, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.715506, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.715654, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.715871, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.716804, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.717680, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.717829, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.717915, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.718834, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.719619, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.719769, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.719851, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.719938, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:52.720019, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:52.720505, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.721010, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.721093, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.721178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.721257, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.721368, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.721447, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.721566, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.721669, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.721757, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1A 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.721906, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011a-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.722249, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011a-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.723249, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.723403, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.723485, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.723568, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.723662, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.723745, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.723824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.723933, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.724033, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.724114, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.724198, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.724277, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.724361, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.724469, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.724576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.724676, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.724759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.724843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.724922, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.725006, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.725084, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.725186, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.725320, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.725404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.725503, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.725583, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.725668, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.725747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.725870, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.725952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.726039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.726119, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.726207, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.726285, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.726392, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.726474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:52.726559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.726640, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.726730, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.726809, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.726914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.727016, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.727099, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:52.727198, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.727279, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.727366, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.727445, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.727557, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.727659, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.727744, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:52.727828, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:52.727911, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.727994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.728077, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.728161, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.728245, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1B 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.728422, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011b-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.728776, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011b-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.729576, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.729725, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.729807, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.729889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.729972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.730079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.730163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.730247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.730330, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.730414, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.730499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.730583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.730667, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.730752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.730837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.730936, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.731023, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.731107, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.731193, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:52.731644, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011b-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.732486, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.732635, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.732717, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.732805, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.743090, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011b-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.743373, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.743523, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.743670, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.743756, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.743839, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.744175, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011a-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.744496, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.744649, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.744800, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.744883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.744964, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.745316, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000119-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.745595, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.745746, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.745895, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.745984, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:52.746067, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.746401, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000118-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.746694, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.746842, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.746988, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.747070, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:52.747175, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.747512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:52.747727, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:52.759225, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:52.759353, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:52.759440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.759945, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:52.760030, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:52.760116, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:52.760199, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:52.760310, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:52.778840, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:52.778959, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:52.779042, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:52.779132, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:52.779216, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:52.779303, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/171/127 [2013/11/07 14:24:52.783859, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.784199, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 171 (position 171) from bitmap [2013/11/07 14:24:52.784482, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 171 [2013/11/07 14:24:52.784780, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.785002, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 171, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.785225, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:52.785550, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:52.785758, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:52.785963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:52.786212, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:52.786417, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:52.786634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:52.786833, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.787031, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:52.787245, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:52.787442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.787651, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:52.787861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:52.788088, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:52.812429, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:52.812517, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:52.812610, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.812701, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.812785, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:52.813310, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:52.813661, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:52.813750, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:52.813835, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:52.813925, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:52.831450, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.831608, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.831757, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:52.831943, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:52.832038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:52.832121, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:52.832264, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:52.832380, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.832959, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.833045, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.833133, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:52.833214, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.833323, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:52.833404, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:52.833658, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.833744, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:52.833831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.833911, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.833994, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.834073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.834202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.834306, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.834395, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.834547, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011c-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.834909, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011c-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.835921, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.836075, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.836157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:52.836240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.836318, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.836442, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.836524, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.836636, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.836737, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.836819, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.836903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.836982, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.837065, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.837144, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.837248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.837376, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.837458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.837542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.837621, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.837704, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.837783, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.837884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.837988, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.838069, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.838153, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.838232, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.838317, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.838396, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.838520, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.838603, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.838687, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.838768, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.838856, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.838935, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.839043, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.839140, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.839226, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.839306, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.839394, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.839472, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.839576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.839678, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.839760, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.839845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.839926, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.840014, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.840094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.840220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.840325, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.840447, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.840532, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.840617, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.840699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.840795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.840878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.840962, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.841110, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.841476, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:52.841947, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.842103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.842186, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.842305, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.842390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.842473, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.842557, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.842641, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.842726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.842824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.842908, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.842993, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.843077, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.843161, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.843246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.843331, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.843416, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.843520, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:52.844538, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.845431, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.845580, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.845673, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.846540, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.847433, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.847582, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.847669, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:52.848503, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.849361, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.849509, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.849596, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:52.850623, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.851464, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.851685, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.851777, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.852670, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.853555, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.853704, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.853790, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:52.855985, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.856858, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.857006, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.857092, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.858619, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.859464, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.859612, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.859699, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:52.861127, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.861999, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.862147, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.862233, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.863099, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.863952, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.864103, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.864190, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.874654, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.875528, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.875677, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.875764, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:52.877274, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.878147, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.878294, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.878381, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.879241, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.880095, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.880258, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.880344, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.881237, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:52.882115, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.882263, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.882352, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:52.883289, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.884059, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.884208, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.884290, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.884377, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:52.884487, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:52.884943, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.885475, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.885559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.885644, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.885723, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.885806, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.885885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.886005, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.886108, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.886197, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1E 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.886345, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011e-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.886688, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011e-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.887686, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.887855, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.887937, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.888020, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.888099, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.888183, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.888261, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.888370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.888500, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.888582, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.888666, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.888745, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.888828, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.888907, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.889014, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.889113, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.889196, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.889292, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.889373, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.889457, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.889535, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.889651, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.889751, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.889832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.889918, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.889997, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.890082, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.890160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.890282, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.890365, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.890451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.890532, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.890619, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.890698, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.890805, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.890888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:52.890972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.891053, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.891143, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.891222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.891340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.891442, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.891525, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:52.891610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.891690, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.891777, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.891855, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.891967, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.892069, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.892153, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:52.892237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:52.892320, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:52.892426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:52.892512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:52.892596, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:52.892680, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.892830, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011f-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.893192, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011f-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.893996, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.894145, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.894227, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.894310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:52.894393, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.894504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:52.894588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:52.894671, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:52.894755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:52.894839, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:52.894924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:52.895008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:52.895106, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:52.895191, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:52.895276, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:52.895361, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:52.895446, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:52.895530, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:52.895616, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:52.896067, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011f-0000-0000-7b52-a4947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:52.896925, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.897074, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:52.897156, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:52.897244, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:52.907747, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011f-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.908035, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.908185, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.908332, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.908462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:52.908547, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.908886, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011e-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.909165, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.909332, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.909485, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.909567, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:52.909649, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.909988, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011d-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.910269, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.910424, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.910578, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.910666, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:52.910764, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.911099, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000011c-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:52.911378, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.911527, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.911674, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:52.911757, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:52.911863, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:52.912200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:52.912470, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:52.924344, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:52.924535, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:52.924624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:52.925133, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:52.925233, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:52.925336, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:52.925420, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:52.925519, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:52.943958, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:52.944077, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:52.944159, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:52.944249, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:52.944332, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:52.944446, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/172/127 [2013/11/07 14:24:52.949388, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:52.949518, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 172 (position 172) from bitmap [2013/11/07 14:24:52.949605, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 172 [2013/11/07 14:24:52.949716, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:52.949809, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 172, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:52.949914, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:52.950004, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:52.950086, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:52.950167, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:52.950258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:52.950339, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:52.950422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:52.950501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.950580, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:52.950666, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:52.950745, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:52.950824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:52.950909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:52.951003, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:52.972679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:52.972778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:52.972869, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.972959, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.973042, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:52.973535, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:52.973878, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:52.973964, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:52.974049, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:52.974138, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:52.991595, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.991751, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.991900, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:52.992070, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:52.992163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:52.992246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:52.992435, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:52.992571, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.993080, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:52.993165, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.993252, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:52.993347, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:52.993427, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:52.993506, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:52.993755, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:52.993840, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:52.993926, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:52.994006, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:52.994089, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.994168, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:52.994295, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:52.994398, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:52.994486, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 20 01 00 00 00 00 00 00 7B 52 A4 94 .... ... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.994639, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000120-0000-0000-7b52-a4947f2c0000 result : WERR_OK [2013/11/07 14:24:52.995013, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000120-0000-0000-7b52-a4947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:52.996014, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 01 00 00 00 00 00 00 7B 52 A4 94 .... ... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:52.996167, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:52.996249, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:52.996332, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:52.996451, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:52.996536, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.996615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:52.996726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:52.996827, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:52.996909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:52.996993, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.997072, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.997169, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.997248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.997367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:52.997467, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:52.997548, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:52.997632, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.997711, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.997795, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.997874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.997975, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:52.998078, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:52.998160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:52.998244, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.998322, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.998407, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.998486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:52.998610, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:52.998692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:52.998776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.998870, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.998959, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.999037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:52.999146, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:52.999227, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:52.999314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.999394, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.999482, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:52.999561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.999664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:52.999766, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:52.999849, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:52.999934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.000015, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.000103, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.000183, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.000310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.000446, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.000535, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.000634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.000718, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.000800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.000883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.000966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.001050, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.001200, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.001585, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:53.002128, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.002286, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.002370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.002490, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.002576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.002660, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.002759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.002843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.002928, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.003013, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.003097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.003182, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.003267, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.003352, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.003438, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.003523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.003608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.003714, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:53.004739, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.005670, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.005820, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.005909, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.006780, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.007640, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.007788, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.007875, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:53.008694, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.009554, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.009703, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.009790, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:53.010819, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.011663, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.011815, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.011902, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.012797, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.013700, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.013849, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.013939, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:53.016146, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.017156, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.017322, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.017411, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.018936, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.019785, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.019934, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.020023, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:53.021491, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.022339, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.022487, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.022574, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.023447, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.024309, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.024547, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.024640, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.035156, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.036016, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.036166, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.036254, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.037817, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.038663, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.038811, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.038899, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.039762, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.040661, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.040809, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.040896, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.041780, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.042637, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.042785, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.042885, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.043808, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.044606, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.044755, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.044837, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.044927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:53.045008, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:53.045495, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.046003, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.046086, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.046172, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.046252, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.046337, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.046416, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.046542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.046647, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.046735, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 22 01 00 00 00 00 00 00 7B 52 A5 94 ...."... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.046885, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000122-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.047229, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000122-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.048241, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 01 00 00 00 00 00 00 7B 52 A5 94 ...."... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.048422, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.048508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.048592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.048671, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.048755, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.048834, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.048944, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.049044, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.049126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.049210, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.049313, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.049398, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.049477, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.049588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.049688, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.049771, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.049870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.049949, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.050034, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.050113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.050215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.050315, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.050396, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.050482, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.050561, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.050646, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.050725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.050848, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.050931, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.051017, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.051098, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.051186, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.051265, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.051373, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.051455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:53.051540, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.051635, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.051724, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.051804, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.051909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.052011, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.052179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:53.052268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.052349, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.052464, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.052545, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.052661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.052764, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.052850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:53.052934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:53.053018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.053101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.053184, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.053268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.053382, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 A5 94 ....#... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.053533, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000123-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.053895, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000123-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.054669, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 A5 94 ....#... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.054819, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.054901, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.054984, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.055068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.055176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.055260, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.055344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.055451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.055536, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.055620, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.055704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.055789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.055874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.055959, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.056043, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.056128, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.056213, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.056299, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:53.056785, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000123-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.057658, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 A5 94 ....#... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.057823, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.057906, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.057995, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.068494, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000123-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.068788, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 A5 94 ....#... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.068955, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 01 00 00 00 00 00 00 7B 52 A5 94 ....#... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.069102, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.069191, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.069289, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.069629, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000122-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.069907, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 01 00 00 00 00 00 00 7B 52 A5 94 ...."... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.070059, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 01 00 00 00 00 00 00 7B 52 A5 94 ...."... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.070210, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.070294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.070377, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.070714, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000121-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.070994, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.071158, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 01 00 00 00 00 00 00 7B 52 A5 94 ....!... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.071308, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.071398, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:53.071481, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.071816, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000120-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:53.072095, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 01 00 00 00 00 00 00 7B 52 A4 94 .... ... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.072243, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 01 00 00 00 00 00 00 7B 52 A4 94 .... ... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.072413, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.072500, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:53.072608, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.072947, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:53.073177, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:53.084644, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:53.084776, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:53.084879, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:53.085424, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:53.085510, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:53.085596, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:53.085680, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:53.085779, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:53.104555, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:53.104717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:53.104801, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:53.104892, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:53.105026, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:53.105114, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/173/127 [2013/11/07 14:24:53.122327, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:53.123011, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 173 (position 173) from bitmap [2013/11/07 14:24:53.123236, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 173 [2013/11/07 14:24:53.124035, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:53.124263, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 173, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:53.124713, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:53.125033, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:53.125239, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:53.125553, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:53.125830, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:53.126105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:53.126313, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:53.126582, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.126797, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:53.127082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:53.127281, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.127495, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:53.127707, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:53.128005, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:53.149809, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:53.149896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:53.149990, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.150082, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.150166, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:53.150649, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:53.150999, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:53.151088, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:53.151173, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:53.151263, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:53.168687, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.168846, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.168995, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:53.169204, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:53.169321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:53.169405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:53.169556, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:53.169676, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.170187, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.170273, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.170362, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:53.170443, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.170523, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:53.170603, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:53.170861, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.170946, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:53.171032, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.171113, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.171196, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.171275, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.171405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.171508, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.171625, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 24 01 00 00 00 00 00 00 7B 52 A5 94 ....$... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.171779, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000124-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.172144, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000124-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.173213, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 01 00 00 00 00 00 00 7B 52 A5 94 ....$... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.173385, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.173467, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:53.173551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.173630, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.173714, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.173792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.173905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.174020, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.174102, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.174186, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.174266, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.174349, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.174428, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.174532, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.174632, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.174713, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.174797, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.174876, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.174960, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.175038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.175139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.175243, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.175325, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.175409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.175488, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.175573, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.175652, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.175791, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.175874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.175958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.176039, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.176127, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.176206, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.176314, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.176427, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.176518, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.176599, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.176686, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.176765, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.176869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.176971, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.177053, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.177138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.177220, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.177320, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.177401, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.177542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.177646, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.177731, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.177814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.177898, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.177980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.178062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.178145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.178229, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.178377, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.178729, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:53.179199, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.179355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.179451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.179570, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.179655, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.179738, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.179822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.179906, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.179991, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.180074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.180159, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.180243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.180328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.180479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.180566, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.180651, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.180737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.180842, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:53.181881, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.182729, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.182879, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.182968, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.183835, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.184749, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.184898, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.184985, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:53.185789, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.186634, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.186795, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.186882, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:53.187894, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.188770, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.188922, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.189009, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.189897, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.190750, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.190898, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.190983, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:53.193208, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.194083, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.194232, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.194322, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.195825, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.196694, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.196842, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.196929, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:53.198358, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.199199, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.199347, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.199434, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.200317, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.201185, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.201350, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.201438, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.212041, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.212928, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.213078, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.213166, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.214757, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.215672, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.215875, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.215964, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.216875, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.217909, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.218062, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.218154, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.219034, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.219909, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.220057, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.220143, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.221103, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.221889, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.222038, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.222120, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.222223, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:53.222305, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:53.222762, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.223270, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.223354, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.223440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.223520, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.223604, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.223683, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.223809, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.223913, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.224002, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 26 01 00 00 00 00 00 00 7B 52 A5 94 ....&... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.224151, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000126-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.224528, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000126-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.225560, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 01 00 00 00 00 00 00 7B 52 A5 94 ....&... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.225716, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.225798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.225882, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.225961, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.226045, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.226124, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.226236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.226336, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.226418, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.226502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.226581, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.226664, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.226743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.226864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.226964, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.227047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.227131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.227210, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.227295, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.227373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.227475, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.227575, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.227657, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.227742, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.227822, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.227907, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.227986, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.228110, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.228192, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.228279, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.228360, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.228476, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.228570, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.228679, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.228762, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:53.228847, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.228928, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.229017, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.229097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.229203, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.229336, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.229421, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:53.229506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.229587, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.229675, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.229753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.229867, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.229969, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.230054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:53.230138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:53.230236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.230319, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.230402, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.230486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.230570, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 27 01 00 00 00 00 00 00 7B 52 A5 94 ....'... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.230721, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000127-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.231075, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000127-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.231849, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 01 00 00 00 00 00 00 7B 52 A5 94 ....'... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.231997, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.232079, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.232162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.232245, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.232366, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.232482, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.232566, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.232650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.232735, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.232819, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.232903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.232988, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.233073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.233157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.233242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.233339, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.233423, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.233510, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:53.233964, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000127-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.234792, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 01 00 00 00 00 00 00 7B 52 A5 94 ....'... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.234941, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.235022, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.235110, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.245617, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000127-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.245904, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 01 00 00 00 00 00 00 7B 52 A5 94 ....'... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.246054, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 01 00 00 00 00 00 00 7B 52 A5 94 ....'... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.246201, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.246288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.246371, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.246709, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000126-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.246987, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 01 00 00 00 00 00 00 7B 52 A5 94 ....&... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.247140, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 01 00 00 00 00 00 00 7B 52 A5 94 ....&... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.247291, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.247374, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.247455, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.247816, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000125-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.248096, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.248247, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 01 00 00 00 00 00 00 7B 52 A5 94 ....%... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.249445, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.249561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:53.249647, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.250109, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000124-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.250514, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 01 00 00 00 00 00 00 7B 52 A5 94 ....$... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.250664, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 01 00 00 00 00 00 00 7B 52 A5 94 ....$... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.250810, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.250893, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:53.251024, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.251494, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:53.251776, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:53.264007, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:53.264149, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:53.264238, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:53.264805, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:53.264890, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:53.264976, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:53.265059, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:53.265158, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:53.283552, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:53.283684, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:53.283767, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:53.283858, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:53.283955, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:53.284043, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/174/127 [2013/11/07 14:24:53.288382, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:53.288714, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 174 (position 174) from bitmap [2013/11/07 14:24:53.288804, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 174 [2013/11/07 14:24:53.288924, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:53.289019, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 174, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:53.289139, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:53.289265, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:53.289388, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:53.289507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:53.289621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:53.289740, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:53.289824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:53.289903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.289982, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:53.290108, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:53.290189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.290275, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:53.290386, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:53.290518, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:53.311645, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:53.311783, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:53.311884, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.311978, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.312063, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:53.312641, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:53.313026, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:53.313117, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:53.313204, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:53.313325, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:53.331679, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.331867, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.332017, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:53.332219, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:53.332315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:53.332452, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:53.332611, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:53.332732, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.333248, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.333355, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.333445, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:53.333528, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.333609, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:53.333689, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:53.333952, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.334038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:53.334125, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.334205, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.334307, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.334386, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.334516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.334620, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.334709, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 28 01 00 00 00 00 00 00 7B 52 A5 94 ....(... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.334862, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000128-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.335230, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000128-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.336233, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 01 00 00 00 00 00 00 7B 52 A5 94 ....(... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.336433, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.336520, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:53.336604, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.336698, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.336782, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.336860, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.336973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.337074, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.337155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.337240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.337364, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.337449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.337527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.337637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.337738, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.337819, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.337904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.337982, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.338066, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.338145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.338247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.338350, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.338432, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.338530, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.338610, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.338695, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.338774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.338900, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.338983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.339067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.339148, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.339236, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.339315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.339424, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.339506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.339592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.339672, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.339760, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.339838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.339942, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.340044, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.340127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.340225, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.340306, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.340498, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.340588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.340719, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.340940, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.341030, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.341157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.341242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.341345, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.341428, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.341512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.341642, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.341827, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.342194, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:53.342688, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.342846, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.342930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.343056, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.343142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.343226, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.343310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.343394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.343479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.343563, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.343648, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.343733, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.343817, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.343902, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.343988, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.344072, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.344158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.344277, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:53.345336, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.346185, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.346334, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.346423, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.347315, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.348160, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.348308, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.348423, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:53.349211, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.350098, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.350247, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.350338, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:53.351354, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.352197, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.352349, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.352479, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.353443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.354300, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.354448, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.354534, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:53.356767, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.357629, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.357777, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.357878, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.359370, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.360214, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.360361, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.360489, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:53.361919, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.362766, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.362914, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.363001, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.363884, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.364753, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.364904, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.364991, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.375458, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.376315, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.376491, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.376579, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.378096, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.378940, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.379088, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.379175, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.380050, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.380970, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.381118, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.381205, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.382087, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.382959, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.383107, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.383193, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.384108, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.384911, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.385075, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.385157, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.385245, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:53.385350, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:53.385813, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.386318, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.386402, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.386487, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.386567, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.386651, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.386729, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.386850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.386953, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.387041, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 2A 01 00 00 00 00 00 00 7B 52 A5 94 ....*... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.387201, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012a-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.387549, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012a-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.388581, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 01 00 00 00 00 00 00 7B 52 A5 94 ....*... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.388737, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.388818, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.388902, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.388981, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.389065, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.389144, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.389254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.389370, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.389452, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.389550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.389631, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.389714, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.389793, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.389900, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.389999, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.390082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.390166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.390245, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.390329, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.390407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.390509, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.390609, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.390691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.390776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.390855, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.390941, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.391020, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.391143, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.391239, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.391326, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.391406, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.391494, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.391572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.391681, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.391763, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:53.391847, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.391929, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.392018, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.392098, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.392204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.392307, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.392413, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:53.392503, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.392584, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.392671, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.392750, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.392864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.392981, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.393067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:53.393150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:53.393234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.393328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.393412, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.393495, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.393580, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 2B 01 00 00 00 00 00 00 7B 52 A5 94 ....+... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.393731, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012b-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.394084, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012b-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.394855, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 01 00 00 00 00 00 00 7B 52 A5 94 ....+... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.395003, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.395100, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.395183, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.395265, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.395373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.395457, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.395540, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.395624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.395708, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.395792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.395876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.395961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.396045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.396130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.396215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.396299, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.396408, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.396498, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:53.396966, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012b-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.397803, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 01 00 00 00 00 00 00 7B 52 A5 94 ....+... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.397952, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.398034, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.398122, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.408568, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012b-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.408854, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 01 00 00 00 00 00 00 7B 52 A5 94 ....+... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.409003, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 01 00 00 00 00 00 00 7B 52 A5 94 ....+... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.409149, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.409236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.409345, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.409683, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012a-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.409962, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 01 00 00 00 00 00 00 7B 52 A5 94 ....*... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.410114, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 01 00 00 00 00 00 00 7B 52 A5 94 ....*... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.410265, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.410361, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.410444, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.410781, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000129-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.411060, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.411212, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 01 00 00 00 00 00 00 7B 52 A5 94 ....)... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.411362, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.411449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:53.411532, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.411866, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000128-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.412144, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 01 00 00 00 00 00 00 7B 52 A5 94 ....(... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.412290, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 01 00 00 00 00 00 00 7B 52 A5 94 ....(... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.412466, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.412563, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:53.412668, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.413007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:53.413223, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:53.424810, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:53.424938, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:53.425026, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:53.425547, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:53.425632, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:53.425717, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:53.425801, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:53.425899, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:53.444199, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:53.444331, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:53.444438, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:53.444529, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:53.444613, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:53.444700, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/175/127 [2013/11/07 14:24:53.456771, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:53.457085, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 175 (position 175) from bitmap [2013/11/07 14:24:53.457363, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 175 [2013/11/07 14:24:53.457649, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:53.457871, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 175, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:53.458078, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:53.458297, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:53.458500, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:53.458704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:53.458904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:53.459107, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:53.459312, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:53.459510, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.459708, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:53.459969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:53.460169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.460367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:53.460654, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:53.460883, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:53.484704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:53.484789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:53.484882, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.484973, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.485056, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:53.485551, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:53.485905, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:53.485993, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:53.486092, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:53.486182, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:53.503770, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.503927, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.504076, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:53.504247, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:53.504341, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:53.504473, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:53.504616, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:53.504732, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.505245, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.505360, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.505448, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:53.505530, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.505610, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:53.505689, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:53.506013, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.506103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:53.506189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.506269, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.506353, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.506432, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.506561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.506665, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.506753, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2C 01 00 00 00 00 00 00 7B 52 A5 94 ....,... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.506907, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012c-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.507268, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012c-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.508268, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 01 00 00 00 00 00 00 7B 52 A5 94 ....,... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.508487, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.508570, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:53.508653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.508732, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.508815, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.508894, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.509006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.509107, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.509189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.509274, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.509373, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.509457, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.509537, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.509642, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.509742, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.509823, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.509907, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.509986, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.510070, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.510149, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.510264, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.510367, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.510449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.510533, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.510612, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.510697, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.510776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.510901, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.510983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.511068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.511149, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.511236, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.511315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.511423, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.511556, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.511645, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.511726, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.511814, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.511892, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.512011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.512113, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.512196, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.512281, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.512363, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.512486, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.512566, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.512694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.512798, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.512884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.512967, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.513051, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.513134, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.513216, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.513313, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.513398, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.513548, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.513912, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:53.514385, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.514541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.514625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.514744, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.514829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.514913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.514996, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.515080, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.515165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.515249, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.515333, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.515418, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.515503, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.515588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.515687, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.515772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.515858, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.515962, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:53.516983, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.518005, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.518158, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.518248, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.519140, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.519988, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.520137, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.520224, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:53.521106, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.521984, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.522133, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.522220, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:53.523235, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.524092, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.524244, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.524331, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.525225, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.526095, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.526243, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.526329, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:53.528621, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.529523, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.529673, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.529764, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.531260, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.532123, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.532272, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.532359, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:53.533806, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.534677, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.534826, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.534913, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.535784, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.536657, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.536809, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.536896, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.547406, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.548263, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.548453, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.548541, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.550048, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.550895, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.551058, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.551146, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.552010, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.552896, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.553045, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.553131, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.554044, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.554900, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.555048, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.555135, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.556049, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.556863, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.557012, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.557094, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.557182, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:53.557263, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:53.557733, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.558239, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.558322, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.558407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.558487, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.558570, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.558649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.558784, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.558887, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.558975, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 2E 01 00 00 00 00 00 00 7B 52 A5 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.559123, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012e-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.559467, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012e-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.560557, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 01 00 00 00 00 00 00 7B 52 A5 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.560713, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.560795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.560879, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.560959, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.561042, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.561137, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.561248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.561363, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.561445, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.561529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.561608, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.561692, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.561770, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.561877, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.561976, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.562059, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.562143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.562222, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.562306, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.562384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.562486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.562586, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.562667, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.562752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.562832, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.562931, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.563010, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.563133, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.563216, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.563303, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.563383, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.563471, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.563550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.563657, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.563739, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:53.563824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.563906, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.563995, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.564075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.564179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.564281, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.564364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:53.564477, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.564558, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.564659, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.564738, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.564851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.564953, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.565038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:53.565121, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:53.565205, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.565315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.565399, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.565483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.565568, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 2F 01 00 00 00 00 00 00 7B 52 A5 94 ..../... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.565718, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012f-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.566075, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012f-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.566862, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 01 00 00 00 00 00 00 7B 52 A5 94 ..../... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.567011, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.567093, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.567175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.567258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.567366, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.567450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.567534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.567618, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.567702, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.567786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.567870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.567954, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.568039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.568124, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.568209, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.568294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.568418, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.568509, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:53.568962, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012f-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.569790, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 01 00 00 00 00 00 00 7B 52 A5 94 ..../... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.569939, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.570021, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.570109, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.580684, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012f-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.580983, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 01 00 00 00 00 00 00 7B 52 A5 94 ..../... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.581144, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2F 01 00 00 00 00 00 00 7B 52 A5 94 ..../... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.581309, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.581397, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.581481, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.581819, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012e-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.582123, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 01 00 00 00 00 00 00 7B 52 A5 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.582277, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2E 01 00 00 00 00 00 00 7B 52 A5 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.582429, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.582511, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.582594, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.582931, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012d-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.583211, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.583362, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 01 00 00 00 00 00 00 7B 52 A5 94 ....-... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.583512, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.583600, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:53.583684, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.584017, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000012c-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.584296, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 01 00 00 00 00 00 00 7B 52 A5 94 ....,... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.584488, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 01 00 00 00 00 00 00 7B 52 A5 94 ....,... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.584635, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.584718, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:53.584824, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.585162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:53.585390, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:53.596792, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:53.596913, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:53.597001, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:53.597518, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:53.597603, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:53.597688, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:53.597772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:53.597869, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:53.616503, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:53.616626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:53.616708, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:53.616799, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:53.616882, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:53.616969, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/176/127 [2013/11/07 14:24:53.622326, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:53.622470, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 176 (position 176) from bitmap [2013/11/07 14:24:53.622558, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 176 [2013/11/07 14:24:53.622672, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:53.622765, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 176, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:53.622848, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:53.622938, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:53.623027, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:53.623109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:53.623189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:53.623271, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:53.623374, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:53.623455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.623534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:53.623620, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:53.623699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.623778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:53.623862, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:53.623955, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:53.642650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:53.642733, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:53.642824, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.642914, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.642997, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:53.643493, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:53.643837, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:53.643924, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:53.644009, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:53.644098, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:53.661765, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.661923, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.662074, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:53.662259, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:53.662353, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:53.662437, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:53.662577, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:53.662692, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.663201, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.663287, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.663391, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:53.663473, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.663553, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:53.663633, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:53.663883, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.663968, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:53.664054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.664134, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.664218, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.664297, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.664483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.664592, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.664681, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 30 01 00 00 00 00 00 00 7B 52 A5 94 ....0... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.664835, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000130-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.665196, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000130-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.666261, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 01 00 00 00 00 00 00 7B 52 A5 94 ....0... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.666417, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.666499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:53.666583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.666662, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.666746, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.666824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.666935, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.667036, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.667117, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.667202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.667281, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.667364, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.667443, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.667547, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.667647, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.667728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.667826, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.667905, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.667989, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.668067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.668168, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.668271, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.668353, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.668474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.668553, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.668638, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.668717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.668843, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.668926, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.669010, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.669090, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.669179, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.669257, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.669402, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.669484, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.669571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.669665, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.669753, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.669832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.669935, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.670037, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.670119, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.670204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.670286, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.670374, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.670454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.670580, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.670683, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.670768, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.670852, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.670936, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.671018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.671100, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.671183, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.671281, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.671430, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.671777, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:53.672249, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.672435, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.672522, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.672641, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.672725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.672809, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.672893, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.672978, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.673062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.673146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.673231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.673387, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.673473, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.673557, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.673643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.673727, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.673817, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.673923, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:53.674909, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.675776, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.675926, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.676014, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.676939, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.677820, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.677968, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.678055, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:53.678856, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.679702, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.679850, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.679937, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:53.680985, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.681878, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.682031, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.682117, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.682980, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.683853, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.684002, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.684088, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:53.686370, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.687234, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.687382, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.687469, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.688992, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.689886, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.690035, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.690123, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:53.691574, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.692466, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.692616, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.692703, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.693611, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.694457, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.694622, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.694709, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.705268, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.706170, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.706383, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.706472, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.707966, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.708868, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.709017, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.709104, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.710078, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.710942, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.711092, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.711194, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.712067, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.712956, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.713105, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.713191, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.714166, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.714941, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.715091, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.715174, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.715262, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:53.715343, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:53.715802, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.716309, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.716419, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.716522, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.716602, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.716686, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.716765, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.716885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.716988, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.717076, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 32 01 00 00 00 00 00 00 7B 52 A5 94 ....2... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.717226, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000132-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.717606, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000132-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.718755, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 01 00 00 00 00 00 00 7B 52 A5 94 ....2... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.718914, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.719015, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.719100, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.719180, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.719264, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.719344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.719458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.719559, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.719642, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.719726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.719806, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.719890, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.719969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.720077, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.720176, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.720259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.720344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.720456, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.720541, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.720620, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.720723, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.720838, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.720920, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.721007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.721086, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.721172, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.721251, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.721432, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.721515, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.721603, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.721684, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.721772, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.721851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.721960, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.722043, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:53.722128, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.722210, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.722300, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.722380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.722486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.722602, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.722686, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:53.722772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.722853, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.722941, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.723020, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.723133, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.723235, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.723321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:53.723405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:53.723489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.723572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.723656, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.723740, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.723825, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 33 01 00 00 00 00 00 00 7B 52 A5 94 ....3... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.723977, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000133-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.724337, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000133-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.725158, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 01 00 00 00 00 00 00 7B 52 A5 94 ....3... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.725338, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.725421, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.725504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.725588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.725696, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.725781, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.725865, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.725949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.726033, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.726118, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.726203, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.726287, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.726385, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.726471, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.726556, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.726642, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.726727, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.726813, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:53.727267, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000133-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.728083, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 01 00 00 00 00 00 00 7B 52 A5 94 ....3... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.728232, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.728314, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.728427, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.738866, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000133-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.739150, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 01 00 00 00 00 00 00 7B 52 A5 94 ....3... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.739300, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 33 01 00 00 00 00 00 00 7B 52 A5 94 ....3... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.739448, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.739534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.739618, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.739970, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000132-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.740249, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 01 00 00 00 00 00 00 7B 52 A5 94 ....2... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.740427, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 32 01 00 00 00 00 00 00 7B 52 A5 94 ....2... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.740582, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.740665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.740748, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.741086, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000131-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.741403, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.741555, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 31 01 00 00 00 00 00 00 7B 52 A5 94 ....1... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.741705, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.741793, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:53.741877, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.742227, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000130-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.742507, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 01 00 00 00 00 00 00 7B 52 A5 94 ....0... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.742655, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 30 01 00 00 00 00 00 00 7B 52 A5 94 ....0... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.742802, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.742885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:53.742990, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.743329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:53.743543, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:53.755243, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:53.755373, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:53.755462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:53.755970, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:53.756055, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:53.756140, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:53.756239, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:53.756337, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:53.775052, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:53.775180, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:53.775263, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:53.775355, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:53.775439, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:53.775527, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/177/127 [2013/11/07 14:24:53.779645, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:53.779960, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 177 (position 177) from bitmap [2013/11/07 14:24:53.780208, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 177 [2013/11/07 14:24:53.780616, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:53.780844, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 177, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:53.781052, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:53.781273, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:53.781612, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:53.781819, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:53.782021, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:53.782223, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:53.782428, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:53.782626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.782824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:53.783038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:53.783236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.783433, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:53.783643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:53.783869, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:53.810846, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:53.810936, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:53.811031, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.811137, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.811221, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:53.811705, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:53.812052, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:53.812140, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:53.812226, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:53.812315, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:53.829956, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.830116, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.830266, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:53.830454, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:53.830549, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:53.830633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:53.830778, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:53.830896, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.831421, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.831506, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.831594, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:53.831676, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.831756, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:53.831835, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:53.832087, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.832173, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:53.832259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.832339, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.832486, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.832566, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.832696, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.832800, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.832889, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 34 01 00 00 00 00 00 00 7B 52 A5 94 ....4... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.833040, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000134-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.833649, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000134-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.834665, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 01 00 00 00 00 00 00 7B 52 A5 94 ....4... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.834819, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.834900, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:53.834984, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.835062, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.835146, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.835224, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.835335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.835436, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.835517, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.835601, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.835680, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.835763, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.835841, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.835961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.836060, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.836141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.836225, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.836304, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.836421, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.836504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.836606, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.836709, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.836791, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.836875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.836954, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.837039, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.837117, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.837242, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.837355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.837439, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.837520, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.837608, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.837702, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.837811, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.837893, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.837980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.838060, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.838148, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.838226, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.838329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.838431, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.838513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.838598, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.838679, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.838768, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.838848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.838974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.839077, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.839162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.839246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.839343, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.839425, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.839507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.839590, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.839673, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.839822, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.840170, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:53.840673, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.840829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.840912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.841031, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.841116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.841200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.841332, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.841433, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.841518, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.841602, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.841687, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.841772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.841856, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.841941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.842026, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.842111, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.842201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.842306, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:53.843286, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.844145, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.844294, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.844382, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.845333, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.846176, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.846338, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.846425, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:53.847253, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.848097, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.848246, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.848334, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:53.849424, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.850263, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.850414, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.850501, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.851361, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.852234, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.852381, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.852497, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:53.854731, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.855576, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.855724, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.855810, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.857392, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.858237, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.858385, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.858472, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:53.859881, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.860815, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.860964, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.861051, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.861950, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.862805, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.862956, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.863043, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.873553, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.874405, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.874554, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.874641, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:53.876136, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.877007, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.877155, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.877242, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.878151, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.879023, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.879171, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.879257, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.880125, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:53.881008, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.881156, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.881243, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:53.882201, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.882970, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.883118, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.883200, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.883288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:53.883369, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:53.883823, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.884342, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.884453, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.884539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.884619, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.884703, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.884782, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.884902, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.885004, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.885092, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 36 01 00 00 00 00 00 00 7B 52 A5 94 ....6... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.885241, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000136-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.885620, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000136-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.886634, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 01 00 00 00 00 00 00 7B 52 A5 94 ....6... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.886789, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.886870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.886954, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.887033, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.887116, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.887195, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.887305, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.887404, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.887486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.887569, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.887648, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.887731, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.887810, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.887915, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.888015, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.888097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.888181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.888260, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.888358, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.888467, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.888570, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.888670, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.888751, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.888836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.888915, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.889000, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.889079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.889201, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.889329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.889418, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.889498, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.889587, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.889665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.889777, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.889859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:53.889943, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.890024, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.890136, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.890216, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.890321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.890423, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.890506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:53.890591, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.890671, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.890758, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.890836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.890948, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.891050, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.891135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:53.891218, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:53.891302, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.891384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.891467, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.891550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.891634, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 37 01 00 00 00 00 00 00 7B 52 A5 94 ....7... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.891798, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000137-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.892148, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000137-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.892949, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 01 00 00 00 00 00 00 7B 52 A5 94 ....7... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.893099, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.893181, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.893263, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.893380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.893487, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.893571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.893655, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.893738, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.893822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.893922, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.894006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.894091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.894175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.894259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.894344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.894429, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.894514, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.894600, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:53.895050, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000137-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:53.895860, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 01 00 00 00 00 00 00 7B 52 A5 94 ....7... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.896009, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.896105, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:53.896192, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:53.906717, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000137-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.907003, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 01 00 00 00 00 00 00 7B 52 A5 94 ....7... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.907153, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 37 01 00 00 00 00 00 00 7B 52 A5 94 ....7... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.907314, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.907401, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.907484, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.907820, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000136-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.908097, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 01 00 00 00 00 00 00 7B 52 A5 94 ....6... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.908249, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 36 01 00 00 00 00 00 00 7B 52 A5 94 ....6... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.908426, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.908511, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.908593, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.908930, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000135-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.909209, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.909389, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 35 01 00 00 00 00 00 00 7B 52 A5 94 ....5... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.909552, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.909639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:53.909722, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.910055, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000134-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:53.910334, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 01 00 00 00 00 00 00 7B 52 A5 94 ....4... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.910533, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 34 01 00 00 00 00 00 00 7B 52 A5 94 ....4... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.910680, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:53.910763, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:53.910867, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:53.911204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:53.911416, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:53.923033, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:53.923159, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:53.923247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:53.923793, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:53.923879, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:53.923964, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:53.924048, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:53.924162, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:53.942685, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:53.942803, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:53.942885, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:53.942974, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:53.943058, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:53.943145, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/178/127 [2013/11/07 14:24:53.946164, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:53.947480, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 178 (position 178) from bitmap [2013/11/07 14:24:53.947596, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 178 [2013/11/07 14:24:53.947734, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:53.947828, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 178, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:53.947911, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:53.948002, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:53.948084, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:53.948165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:53.948246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:53.948327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:53.948449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:53.948530, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.948609, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:53.948695, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:53.948774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:53.948853, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:53.948938, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:53.949032, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:53.967565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:53.967649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:53.967741, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.967831, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.967915, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:53.968421, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:53.968769, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:53.968856, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:53.968941, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:53.969030, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:53.986536, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.986691, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.986840, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:53.987009, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:53.987103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:53.987200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:53.987341, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:53.987457, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.987967, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:53.988053, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.988140, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:53.988222, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:53.988302, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:53.988381, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:53.988687, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:53.988771, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:53.988857, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:53.988938, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:53.989021, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.989100, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:53.989229, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:53.989375, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.989464, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 38 01 00 00 00 00 00 00 7B 52 A5 94 ....8... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.989632, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000138-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.989996, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000138-0000-0000-7b52-a5947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:53.990998, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 01 00 00 00 00 00 00 7B 52 A5 94 ....8... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.991152, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:53.991234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:53.991317, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:53.991396, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:53.991480, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.991558, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:53.991669, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:53.991769, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:53.991850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:53.991949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.992028, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.992111, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.992190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.992294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:53.992431, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:53.992517, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:53.992601, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.992680, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.992765, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.992843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.992945, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:53.993048, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:53.993129, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:53.993213, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.993311, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.993397, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.993475, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:53.993600, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:53.993696, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:53.993781, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.993861, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.993950, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.994029, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:53.994137, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:53.994218, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:53.994305, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.994385, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.994473, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.994551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.994655, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:53.994756, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:53.994838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:53.994923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.995004, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.995093, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:53.995172, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.995299, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.995415, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:53.995500, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:53.995584, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:53.995668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:53.995751, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:53.995833, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:53.995916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:53.996000, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.996149, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 result : WERR_OK [2013/11/07 14:24:53.996534, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:53.997004, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:53.997160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:53.997244, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.997402, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:53.997503, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:53.997587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:53.997670, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:53.997754, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:53.997839, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:53.997923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:53.998007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:53.998092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:53.998176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:53.998261, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:53.998346, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:53.998430, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:53.998516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:53.998621, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:53.999615, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.000501, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.000651, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.000739, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.001628, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.002487, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.002636, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.002723, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:54.003505, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.004346, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.004523, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.004624, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:54.005662, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.006501, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.006653, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.006798, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.007680, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.008564, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.008713, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.008799, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:54.011064, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.011915, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.012064, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.012151, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.013723, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.014566, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.014715, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.014802, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:54.016214, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.017137, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.017302, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.017394, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.018282, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.019270, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.019424, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.019512, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.030057, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.030919, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.031068, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.031157, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.032689, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.033567, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.033716, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.033806, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.034673, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.035546, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.035695, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.035782, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.036681, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.037555, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.037718, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.037805, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.038725, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.039498, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.039648, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.039730, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.039819, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:54.039900, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:54.040369, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.040904, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:54.040988, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:54.041073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:54.041153, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:54.041237, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.041329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:54.041449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:54.041552, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.041640, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 3A 01 00 00 00 00 00 00 7B 52 A6 94 ....:... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.041789, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013a-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.042135, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013a-0000-0000-7b52-a6947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.043150, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 01 00 00 00 00 00 00 7B 52 A6 94 ....:... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.043306, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:54.043389, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:54.043474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:54.043553, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:54.043637, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.043716, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:54.043826, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:54.043925, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:54.044007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:54.044091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.044171, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.044254, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.044333, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.044469, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.044585, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:54.044668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:54.044752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.044832, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.044916, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.044995, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.045097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.045197, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:54.045301, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:54.045390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.045469, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.045555, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.045633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.045761, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:54.045844, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:54.045931, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.046011, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.046100, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.046179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.046301, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:54.046383, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:54.046468, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.046550, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.046639, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.046719, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.046824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.046926, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:54.047009, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:54.047095, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.047175, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.047263, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.047341, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.047454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.047556, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.047641, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:54.047725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:54.047808, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:54.047891, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:54.047989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:54.048073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:54.048157, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 3B 01 00 00 00 00 00 00 7B 52 A6 94 ....;... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.048308, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013b-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.048688, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013b-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.049477, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 01 00 00 00 00 00 00 7B 52 A6 94 ....;... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.049627, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.049709, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.049792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:54.049876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.049983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:54.050082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:54.050166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:54.050250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:54.050335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:54.050419, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:54.050504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:54.050588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:54.050673, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:54.050758, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:54.050843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:54.050929, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:54.051014, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:54.051100, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:54.051552, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013b-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.052379, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 01 00 00 00 00 00 00 7B 52 A6 94 ....;... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.052557, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.052639, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.052727, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.063124, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013b-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.063423, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 01 00 00 00 00 00 00 7B 52 A6 94 ....;... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.063574, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3B 01 00 00 00 00 00 00 7B 52 A6 94 ....;... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.063721, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.063807, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:54.063891, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.064227, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013a-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.064534, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 01 00 00 00 00 00 00 7B 52 A6 94 ....:... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.064687, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3A 01 00 00 00 00 00 00 7B 52 A6 94 ....:... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.064839, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.064921, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:54.065003, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.065354, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000139-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:54.065648, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.065800, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 39 01 00 00 00 00 00 00 7B 52 A5 94 ....9... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.065949, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.066036, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:54.066120, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.066454, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000138-0000-0000-7b52-a5947f2c0000 [2013/11/07 14:24:54.066732, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 01 00 00 00 00 00 00 7B 52 A5 94 ....8... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.066880, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 38 01 00 00 00 00 00 00 7B 52 A5 94 ....8... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.067027, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.067109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:54.067214, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.067551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:54.067761, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:54.079174, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:54.079296, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:54.079384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:54.079889, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:54.079974, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:54.080059, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:54.080143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:54.080240, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:54.098765, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:54.098896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:54.098980, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:54.099071, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:54.099155, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:54.099242, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/179/127 [2013/11/07 14:24:54.110579, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:54.111092, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 179 (position 179) from bitmap [2013/11/07 14:24:54.111317, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 179 [2013/11/07 14:24:54.111592, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:54.111814, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 179, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:54.112022, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:54.112244, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:54.112518, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:54.112726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:54.112928, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:54.113131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:54.113367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:54.113583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:54.113784, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:54.114000, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:54.114197, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:54.114395, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:54.114621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:54.114852, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:54.142258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:54.142348, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:54.142443, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.142536, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.142620, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:54.143103, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:54.143453, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:54.143541, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:54.143627, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:54.143718, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:54.161168, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.161345, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.161510, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:54.161693, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:54.161788, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:54.161871, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:54.162014, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:54.162131, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.162642, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:54.162728, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:54.162816, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:54.162898, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:54.162978, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:54.163058, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:54.163309, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.163394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:54.163481, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:54.163561, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:54.163645, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.163724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:54.163870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:54.163973, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.164062, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 3C 01 00 00 00 00 00 00 7B 52 A6 94 ....<... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.164215, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013c-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.164647, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013c-0000-0000-7b52-a6947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.165697, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 01 00 00 00 00 00 00 7B 52 A6 94 ....<... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.165857, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:54.165940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:54.166024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:54.166103, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:54.166187, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.166281, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:54.166394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:54.166496, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:54.166578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:54.166662, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.166741, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.166825, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.166904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.167008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.167108, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:54.167189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:54.167273, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.167352, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.167436, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.167515, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.167615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.167718, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:54.167800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:54.167884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.167963, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.168063, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.168141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.168266, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:54.168349, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:54.168473, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.168554, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.168642, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.168721, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.168830, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:54.168912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:54.168999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.169079, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.169167, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.169246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.169381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.169483, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:54.169566, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:54.169651, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.169733, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.169837, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.169916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.170042, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.170146, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.170231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:54.170315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:54.170399, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:54.170481, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:54.170563, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:54.170646, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:54.170729, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.170879, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.171230, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:54.171701, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.171880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:54.171964, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.172082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:54.172167, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:54.172251, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:54.172335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:54.172452, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:54.172537, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:54.172621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:54.172706, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:54.172791, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:54.172875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:54.172960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:54.173045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:54.173130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:54.173215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.173341, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:54.174340, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.175190, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.175340, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.175427, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.176311, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.177210, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.177392, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.177483, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:54.178273, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.179131, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.179280, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.179367, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:54.180381, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.181305, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.181458, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.181545, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.182425, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.183281, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.183429, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.183515, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:54.185777, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.186627, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.186775, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.186862, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.188364, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.189235, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.189414, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.189505, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:54.190920, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.191763, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.191911, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.191997, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.192908, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.193772, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.193924, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.194011, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.204542, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.205415, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.205564, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.205651, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.207223, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.208072, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.208221, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.208308, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.209215, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.210093, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.210241, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.210327, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.211255, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.212131, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.212280, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.212366, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.213348, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.214123, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.214272, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.214369, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.214458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:54.214539, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:54.214995, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.215500, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:54.215583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:54.215668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:54.215748, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:54.215831, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.215910, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:54.216030, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:54.216133, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.216221, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 3E 01 00 00 00 00 00 00 7B 52 A6 94 ....>... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.216370, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013e-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.216792, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013e-0000-0000-7b52-a6947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.217818, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 01 00 00 00 00 00 00 7B 52 A6 94 ....>... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.217973, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:54.218055, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:54.218139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:54.218219, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:54.218302, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.218381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:54.218492, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:54.218592, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:54.218674, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:54.218758, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.218851, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.218935, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.219013, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.219120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.219218, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:54.219301, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:54.219385, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.219603, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.219695, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.219774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.219880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.219981, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:54.220063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:54.220149, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.220228, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.220313, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.220418, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.220546, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:54.220630, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:54.220716, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.220812, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.220900, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.220979, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.221087, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:54.221169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:54.221254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.221350, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.221440, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.221519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.221625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.221727, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:54.221810, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:54.221896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.221976, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.222064, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.222142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.222255, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.222358, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.222457, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:54.222542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:54.222625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:54.222708, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:54.222792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:54.222876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:54.222961, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 3F 01 00 00 00 00 00 00 7B 52 A6 94 ....?... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.223112, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013f-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.223469, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013f-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.224243, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 01 00 00 00 00 00 00 7B 52 A6 94 ....?... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.224419, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.224505, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.224587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:54.224685, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.224794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:54.224878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:54.224962, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:54.225046, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:54.225130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:54.225214, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:54.225327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:54.225413, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:54.225498, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:54.225583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:54.225668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:54.225753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:54.225837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:54.225924, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:54.226381, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013f-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.227206, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 01 00 00 00 00 00 00 7B 52 A6 94 ....?... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.227354, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.227436, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.227524, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.237899, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013f-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.238182, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 01 00 00 00 00 00 00 7B 52 A6 94 ....?... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.238331, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3F 01 00 00 00 00 00 00 7B 52 A6 94 ....?... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.238478, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.238564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:54.238647, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.238984, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013e-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.239261, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 01 00 00 00 00 00 00 7B 52 A6 94 ....>... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.239414, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3E 01 00 00 00 00 00 00 7B 52 A6 94 ....>... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.239565, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.239648, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:54.239743, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.240080, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013d-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.240360, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.240539, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3D 01 00 00 00 00 00 00 7B 52 A6 94 ....=... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.240689, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.240778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:54.240861, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.241196, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000013c-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.241487, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 01 00 00 00 00 00 00 7B 52 A6 94 ....<... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.241635, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 3C 01 00 00 00 00 00 00 7B 52 A6 94 ....<... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.241782, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.241864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:54.241969, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.242322, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:54.242538, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:54.253975, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:54.254099, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:54.254187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:54.254693, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:54.254777, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:54.254862, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:54.254946, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:54.255043, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:54.273489, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:54.273611, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:54.273693, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:54.273798, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:54.273882, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:54.273970, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/180/127 [2013/11/07 14:24:54.277605, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:54.277745, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 180 (position 180) from bitmap [2013/11/07 14:24:54.277832, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 180 [2013/11/07 14:24:54.277955, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:54.278049, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 180, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:54.278227, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:54.278329, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:54.278411, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:54.278493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:54.278581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:54.278663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:54.278746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:54.278825, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:54.278905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:54.278991, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:54.279077, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:54.279179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:54.279264, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:54.279359, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:54.297880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:54.297966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:54.298058, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.298149, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.298233, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:54.298715, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:54.299062, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:54.299150, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:54.299235, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:54.299324, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:54.316744, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.316899, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.317048, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:54.317229, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:54.317336, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:54.317419, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:54.317560, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:54.317677, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.318186, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:54.318271, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:54.318359, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:54.318441, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:54.318522, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:54.318601, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:54.318850, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.318935, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:54.319038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:54.319118, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:54.319202, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.319280, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:54.319408, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:54.319511, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.319600, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 40 01 00 00 00 00 00 00 7B 52 A6 94 ....@... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.319904, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000140-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.320272, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000140-0000-0000-7b52-a6947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.321361, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 01 00 00 00 00 00 00 7B 52 A6 94 ....@... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.321520, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:54.321621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:54.321705, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:54.321784, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:54.321869, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.321948, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:54.322063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:54.322164, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:54.322246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:54.322331, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.322411, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.322494, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.322573, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.322678, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.322777, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:54.322859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:54.322943, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.323022, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.323106, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.323185, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.323286, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.323403, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:54.323486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:54.323570, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.323649, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.323735, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.323814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.323938, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:54.324021, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:54.324105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.324186, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.324274, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.324353, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.324499, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:54.324581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:54.324668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.324749, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.324837, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.324916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.325020, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.325135, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:54.325218, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:54.325318, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.325401, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.325490, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.325570, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.325696, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.325800, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.325886, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:54.325970, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:54.326054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:54.326137, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:54.326219, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:54.326303, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:54.326387, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.326537, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.326890, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:54.327376, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.327533, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:54.327617, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.327735, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:54.327820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:54.327904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:54.327988, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:54.328073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:54.328158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:54.328242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:54.328327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:54.328447, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:54.328533, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:54.328618, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:54.328703, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:54.328788, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:54.328889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.328995, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:54.330005, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.330858, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.331008, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.331097, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.331985, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.332892, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.333042, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.333128, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:54.333949, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.334811, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.334959, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.335046, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:54.336062, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.336953, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.337105, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.337192, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.338074, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.338933, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.339081, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.339167, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:54.341408, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.342279, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.342429, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.342515, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.344006, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.344878, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.345041, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.345128, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:54.346560, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.347406, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.347568, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.347655, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.348553, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.349410, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.349561, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.349648, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.360264, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.361155, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.361319, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.361422, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.363000, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.363848, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.363996, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.364096, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.364989, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.365864, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.366013, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.366099, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.366983, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.367842, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.367990, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.368076, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.369019, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.369838, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.369987, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.370069, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.370158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:54.370239, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:54.370701, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.371209, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:54.371292, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:54.371377, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:54.371458, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:54.371543, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.371623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:54.371746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:54.371863, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.371951, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 42 01 00 00 00 00 00 00 7B 52 A6 94 ....B... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.372100, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000142-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.372481, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000142-0000-0000-7b52-a6947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.373500, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 01 00 00 00 00 00 00 7B 52 A6 94 ....B... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.373656, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:54.373738, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:54.373822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:54.373902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:54.373986, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.374065, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:54.374177, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:54.374292, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:54.374374, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:54.374458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.374537, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.374620, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.374699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.374806, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.374906, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:54.374989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:54.375073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.375152, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.375236, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.375315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.375417, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.375518, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:54.375599, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:54.375685, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.375765, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.375850, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.375929, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.376067, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:54.376150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:54.376237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.376317, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.376430, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.376512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.376622, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:54.376704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:54.376789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.376871, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.376961, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.377040, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.377146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.377248, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:54.377348, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:54.377434, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.377514, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.377602, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.377694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.377807, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.377910, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.377995, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:54.378079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:54.378162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:54.378245, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:54.378328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:54.378412, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:54.378496, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 43 01 00 00 00 00 00 00 7B 52 A6 94 ....C... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.378646, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000143-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.378999, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000143-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.379774, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 01 00 00 00 00 00 00 7B 52 A6 94 ....C... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.379937, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.380019, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.380101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:54.380185, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.380292, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:54.380377, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:54.382068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:54.382394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:54.382614, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:54.382946, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:54.383158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:54.383370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:54.383582, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:54.383794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:54.385649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:54.385754, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:54.385840, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:54.385957, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:54.386448, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000143-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.387650, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 01 00 00 00 00 00 00 7B 52 A6 94 ....C... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.387803, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.387894, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.387985, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.398374, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000143-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.398659, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 01 00 00 00 00 00 00 7B 52 A6 94 ....C... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.398809, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 43 01 00 00 00 00 00 00 7B 52 A6 94 ....C... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.398956, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.399045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:54.399129, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.399465, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000142-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.399743, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 01 00 00 00 00 00 00 7B 52 A6 94 ....B... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.399909, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 42 01 00 00 00 00 00 00 7B 52 A6 94 ....B... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.400060, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.400143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:54.400224, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.400591, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000141-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.400871, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.401021, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 41 01 00 00 00 00 00 00 7B 52 A6 94 ....A... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.401170, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.401259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:54.401356, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.401689, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000140-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.401967, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 01 00 00 00 00 00 00 7B 52 A6 94 ....@... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.402115, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 40 01 00 00 00 00 00 00 7B 52 A6 94 ....@... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.402275, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.402358, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:54.402464, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.402804, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:54.403032, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:54.414607, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:54.414736, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:54.414824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:54.415331, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:54.415416, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:54.415501, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:54.415585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:54.415683, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:54.434159, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:54.434294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:54.434377, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:54.434468, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:54.434552, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:54.434639, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/181/127 [2013/11/07 14:24:54.443247, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:54.443358, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 181 (position 181) from bitmap [2013/11/07 14:24:54.443446, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 181 [2013/11/07 14:24:54.443568, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:54.443662, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 181, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:54.443746, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:54.443837, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:54.443919, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:54.444002, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:54.444083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:54.444165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:54.444248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:54.444348, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:54.444464, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:54.444551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:54.444631, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:54.444710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:54.444796, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:54.444892, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:54.482220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:54.482307, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:54.482405, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.482497, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.482581, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:54.483067, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:54.483432, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:54.483521, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:54.483607, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:54.483697, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:54.519102, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.519262, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.519412, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:54.519598, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:54.519692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:54.519776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:54.519921, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:54.520040, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.520761, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:54.520850, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:54.520940, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:54.521022, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:54.521120, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:54.521201, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:54.521471, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.521557, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:54.521643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:54.521723, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:54.521808, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.521887, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:54.522016, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:54.522120, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.522209, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 44 01 00 00 00 00 00 00 7B 52 A6 94 ....D... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.522362, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000144-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.522730, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000144-0000-0000-7b52-a6947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.523752, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 01 00 00 00 00 00 00 7B 52 A6 94 ....D... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.523907, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:54.523989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:54.524073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:54.524152, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:54.524235, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.524314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:54.524467, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:54.524572, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:54.524654, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:54.524739, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.524818, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.524902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.524981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.525085, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.525185, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:54.525267, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:54.525382, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.525462, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.525561, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.525640, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.525747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.525852, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:54.525934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:54.526019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.526099, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.526184, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.526264, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.526390, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:54.526474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:54.526559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.526640, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.526729, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.526808, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.526917, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:54.526999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:54.527085, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.527166, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.527268, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.527347, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.527451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.527553, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:54.527635, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:54.527721, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.527802, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.527891, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.527971, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.528097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.528201, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.528286, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:54.528370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:54.528494, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:54.528577, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:54.528660, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:54.528743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:54.528827, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.528990, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.529365, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:54.529839, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.529994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:54.530079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.530199, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:54.530284, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:54.530368, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:54.530452, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:54.530537, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:54.530621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:54.530705, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:54.530790, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:54.530875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:54.530974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:54.531059, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:54.531144, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:54.531229, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:54.531315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.531420, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:54.532437, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.533304, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.533474, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.533563, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.534434, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.535280, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.535429, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.535515, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:54.536316, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.537192, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.537367, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.537458, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:54.538475, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.539333, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.539485, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.539571, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.540464, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.541335, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.541498, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.541585, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:54.543779, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.544670, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.544818, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.544905, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.546417, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.547277, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.547425, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.547513, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:54.548944, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.549827, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.549976, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.550066, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.550936, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.551780, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.551931, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.552032, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.562614, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.563485, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.563634, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.563722, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.565238, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.566115, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.566263, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.566350, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.567212, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.568067, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.568215, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.568301, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.569210, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.570080, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.570228, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.570314, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.571226, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.572011, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.572159, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.572242, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.572329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:54.572436, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:54.572892, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.573436, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:54.573519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:54.573604, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:54.573699, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:54.573782, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.573861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:54.573982, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:54.574085, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.574173, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 46 01 00 00 00 00 00 00 7B 52 A6 94 ....F... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.574321, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000146-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.574665, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000146-0000-0000-7b52-a6947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.575662, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 01 00 00 00 00 00 00 7B 52 A6 94 ....F... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.575816, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:54.575898, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:54.575982, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:54.576075, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:54.576158, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.576237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:54.576346, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:54.576478, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:54.576560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:54.576644, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.576723, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.576807, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.576885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.576992, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.577091, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:54.577174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:54.577258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.577358, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.577442, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.577521, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.577623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.577722, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:54.577804, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:54.577905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.577984, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.578069, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.578148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.578271, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:54.578354, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:54.578441, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.578521, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.578608, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.578687, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.578794, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:54.578876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:54.578961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.579042, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.579132, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.579211, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.579316, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.579418, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:54.579501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:54.579600, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.579681, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.579768, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.579847, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.579959, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.580061, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.580146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:54.580230, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:54.580313, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:54.580454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:54.580542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:54.580625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:54.580710, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 47 01 00 00 00 00 00 00 7B 52 A6 94 ....G... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.580860, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000147-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.581212, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000147-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.582020, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 01 00 00 00 00 00 00 7B 52 A6 94 ....G... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.582169, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.582251, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.582333, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:54.582417, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.582523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:54.582607, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:54.582691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:54.582775, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:54.582859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:54.582943, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:54.583027, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:54.583112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:54.583197, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:54.583281, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:54.583380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:54.583465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:54.583550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:54.583636, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:54.584088, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000147-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.584924, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 01 00 00 00 00 00 00 7B 52 A6 94 ....G... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.585073, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.585155, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.585243, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.595570, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000147-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.595855, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 01 00 00 00 00 00 00 7B 52 A6 94 ....G... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.596004, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 47 01 00 00 00 00 00 00 7B 52 A6 94 ....G... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.596151, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.596237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:54.596321, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.596700, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000146-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.596978, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 01 00 00 00 00 00 00 7B 52 A6 94 ....F... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.597130, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 46 01 00 00 00 00 00 00 7B 52 A6 94 ....F... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.597312, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.597397, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:54.597479, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.597817, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000145-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.598096, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.598246, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 45 01 00 00 00 00 00 00 7B 52 A6 94 ....E... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.598396, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.598483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:54.598566, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.598900, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000144-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.599192, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 01 00 00 00 00 00 00 7B 52 A6 94 ....D... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.599340, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 44 01 00 00 00 00 00 00 7B 52 A6 94 ....D... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.599486, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.599569, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:54.599673, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.600010, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:54.600227, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:54.611806, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:54.611931, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:54.612020, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:54.612634, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:54.612719, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:54.612805, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:54.612889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:54.613002, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:54.631430, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:54.631553, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:54.631636, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:54.631726, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:54.631810, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:54.631897, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/182/127 [2013/11/07 14:24:54.638059, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:54.638419, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 182 (position 182) from bitmap [2013/11/07 14:24:54.638653, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 182 [2013/11/07 14:24:54.638914, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:54.639134, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 182, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:54.639341, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:54.639561, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:54.639766, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:54.639970, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:54.640222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:54.640500, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:54.640716, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:54.640916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:54.641115, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:54.641359, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:54.641559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:54.641757, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:54.641968, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:54.642197, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000010 (16) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:54.670288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:54.670381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:54.670476, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.670569, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.670653, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:54.671155, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:54.671506, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:54.671595, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:54.671681, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:54.671772, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:54.689311, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.689470, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.689620, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:54.689806, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:54.689901, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:54.689985, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:54.690127, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:54.690244, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.690771, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:54.690857, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:54.690945, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:54.691026, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:54.691106, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:54.691186, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:54.691437, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:54.691523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:54.691609, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:54.691690, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:54.691774, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.691853, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:54.691983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:54.692087, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.692176, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 48 01 00 00 00 00 00 00 7B 52 A6 94 ....H... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.692330, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000148-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.692761, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000148-0000-0000-7b52-a6947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.693815, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 01 00 00 00 00 00 00 7B 52 A6 94 ....H... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.693976, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:54.694059, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:54.694143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:54.694222, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:54.694306, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.694385, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:54.694498, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:54.694599, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:54.694681, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:54.694766, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.694845, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.694929, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.695008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.695113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.695227, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:54.695309, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:54.695393, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.695473, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.695557, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.695636, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.695737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.695841, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:54.695923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:54.696008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.696087, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.696172, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.696251, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.696376, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:54.696495, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:54.696581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.696661, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.696750, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.696829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.696952, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:54.697035, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:54.697122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.697202, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.697302, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.697382, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.697486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.697588, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:54.697671, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:54.697756, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.697838, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.697928, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.698008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.698135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.698240, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.698325, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:54.698409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:54.698493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:54.698576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:54.698673, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:54.698756, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:54.698839, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.698990, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.699339, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:54.699812, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.699968, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:54.700051, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.700170, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:54.700255, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:54.700338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:54.700455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:54.700539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:54.700623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:54.700731, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:54.700816, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:54.700900, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:54.700985, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:54.701070, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:54.701155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:54.701240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:54.701338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.701443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:54.702430, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.703295, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.703445, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.703533, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.704451, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.705331, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.705481, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.705586, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:54.706376, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.707222, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.707370, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.707457, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:54.708585, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.709445, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.709597, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.709685, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.710550, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.711425, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.711574, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.711660, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:54.713976, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.714830, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.714979, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.715066, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.716598, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.717477, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.717626, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.717717, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:54.719120, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.719983, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.720131, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.720218, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.721264, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.722148, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.722301, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.722389, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.732936, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.733827, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.733977, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.734065, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:54.735560, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.736450, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.736599, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.736687, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.737585, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.738449, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.738612, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.738699, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.739571, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:54.740459, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.740608, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.740694, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:54.741657, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.742433, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.742582, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.742664, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.742753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:54.742834, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:54.743292, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.743813, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:54.743896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:54.743981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:54.744061, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:54.744145, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.744225, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:54.744344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:54.744478, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.744567, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 4A 01 00 00 00 00 00 00 7B 52 A6 94 ....J... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.744717, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014a-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.745064, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014a-0000-0000-7b52-a6947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:54.746101, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 01 00 00 00 00 00 00 7B 52 A6 94 ....J... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.746258, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:54.746340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:54.746425, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:54.746505, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:54.746588, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.746668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:54.746778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:54.746878, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:54.746960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:54.747044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.747124, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.747207, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.747286, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.747393, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:54.747493, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:54.747576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:54.747660, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.747740, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.747824, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.747903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.748019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:54.748120, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:54.748201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:54.748287, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.748367, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.748485, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.748564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:54.748688, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:54.748771, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:54.748859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.748940, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.749028, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.749107, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:54.749215, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:54.749311, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:54.749397, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.749478, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.749568, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.749648, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.749768, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:54.749870, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:54.749953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:54.750038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.750119, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.750206, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:54.750286, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.750398, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.750500, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:54.750585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:54.750669, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:54.750753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:54.750836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:54.750920, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:54.751003, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:54.751088, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 4B 01 00 00 00 00 00 00 7B 52 A6 94 ....K... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.751239, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014b-0000-0000-7b52-a6947f2c0000 result : WERR_OK [2013/11/07 14:24:54.751603, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014b-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.752378, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 01 00 00 00 00 00 00 7B 52 A6 94 ....K... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.752557, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.752640, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.752722, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:54.752806, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.752913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:54.752997, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:54.753081, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:54.753165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:54.753250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:54.753366, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:54.753464, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:54.753549, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:54.753634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:54.753719, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:54.753804, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:54.753889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:54.753974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:54.754060, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:54.754520, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014b-0000-0000-7b52-a6947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:54.755337, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 01 00 00 00 00 00 00 7B 52 A6 94 ....K... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.755486, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:54.755568, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:54.755670, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:54.766203, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014b-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.766491, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 01 00 00 00 00 00 00 7B 52 A6 94 ....K... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.766642, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4B 01 00 00 00 00 00 00 7B 52 A6 94 ....K... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.766790, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.766891, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:54.766975, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.767316, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014a-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.767596, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 01 00 00 00 00 00 00 7B 52 A6 94 ....J... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.767749, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4A 01 00 00 00 00 00 00 7B 52 A6 94 ....J... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.767901, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.767985, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:54.768068, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.768431, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000149-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.768715, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.768866, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 49 01 00 00 00 00 00 00 7B 52 A6 94 ....I... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.769017, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.769105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:54.769203, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.769553, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000148-0000-0000-7b52-a6947f2c0000 [2013/11/07 14:24:54.769832, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 01 00 00 00 00 00 00 7B 52 A6 94 ....H... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.769980, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 48 01 00 00 00 00 00 00 7B 52 A6 94 ....H... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:54.770127, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:54.770210, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:54.770316, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:54.770653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:54.770870, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:54.782510, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:54.782636, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:54.782724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:54.783233, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:54.783333, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:54.783418, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:54.783502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:54.783600, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000010 (16) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:54.801909, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:54.802028, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:54.802111, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:54.802201, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:54.802285, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:54.802372, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/183/127 [2013/11/07 14:24:55.956760, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:55.957120, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 183 (position 183) from bitmap [2013/11/07 14:24:55.957375, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 183 [2013/11/07 14:24:55.957658, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:55.957881, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 183, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:55.958163, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:55.958388, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:55.958593, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:55.958799, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:55.959001, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:55.959204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:55.959410, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:55.959609, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:55.959807, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:55.960024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:55.960222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:55.960491, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:55.960713, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:55.960947, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000011 (17) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:55.991407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:55.991529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:55.991633, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:55.991726, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:55.991811, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:55.992300, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:55.992812, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:55.992904, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:55.992990, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:55.993083, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:56.010601, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.010760, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.010910, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:56.011101, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:56.011194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:56.011278, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:56.011438, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:56.011559, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.012146, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.012234, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.012324, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:56.012458, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.012541, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:56.012621, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:56.012879, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.012966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:56.013053, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.013134, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.013219, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.013330, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.013466, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.013572, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.013662, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 4C 01 00 00 00 00 00 00 7B 52 A8 94 ....L... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.013816, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014c-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.014205, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014c-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.015212, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 01 00 00 00 00 00 00 7B 52 A8 94 ....L... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.015368, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.015450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:56.015534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.015614, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.015698, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.015777, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.015888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.015989, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.016071, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.016156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.016250, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.016334, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.016456, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.016564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.016665, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.016746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.016831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.016910, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.016994, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.017073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.017175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.017292, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.017375, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.017460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.017539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.017625, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.017704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.017830, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.017913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.017998, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.018093, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.018182, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.018262, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.018371, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.018453, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.018540, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.018620, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.018772, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.018855, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.018960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.019064, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.019146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.019232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.019313, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.019403, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.019483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.019611, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.019715, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.019815, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.019899, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.019984, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.020067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.020150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.020233, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.020317, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.020504, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.020858, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:56.021348, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.021506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.021590, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.021710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.021796, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.021895, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.021979, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.022064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.022150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.022234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.022320, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.022405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.022490, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.022575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.022661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.022746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.022832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.022937, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:56.023940, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.024835, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.024986, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.025075, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.025984, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.027139, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.027294, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.027406, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:56.028237, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.029130, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.029300, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.029391, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:56.030444, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.031293, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.031446, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.031535, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.032447, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.033341, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.033491, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.033579, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:56.035798, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.036678, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.036827, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.036914, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.038493, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.039345, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.039503, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.039591, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:56.041043, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.041911, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.042061, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.042148, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.043023, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.043886, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.044038, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.044125, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.054669, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.055530, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.055680, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.055767, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.057326, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.058177, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.058326, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.058413, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.059279, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.060154, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.060303, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.060412, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.061322, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.062184, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.062333, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.062433, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.063353, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.064127, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.064277, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.064360, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.064476, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:56.064557, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:56.065029, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.065558, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.065642, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.065728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.065809, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.065893, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.065972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.066097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.066203, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.066292, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 4E 01 00 00 00 00 00 00 7B 52 A8 94 ....N... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.066441, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014e-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.066787, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014e-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.067806, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 01 00 00 00 00 00 00 7B 52 A8 94 ....N... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.067962, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.068044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.068128, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.068208, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.068291, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.068370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.068512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.068612, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.068694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.068778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.068932, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.069018, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.069097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.069206, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.069331, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.069415, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.069514, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.069594, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.069678, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.069757, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.069861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.069961, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.070043, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.070128, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.070208, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.070294, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.070372, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.070495, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.070578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.070666, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.070746, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.070835, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.070914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.071023, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.071105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:56.071204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.071286, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.071376, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.071456, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.071585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.071692, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.071776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:56.071861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.071943, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.072030, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.072110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.072223, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.072326, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.072440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:56.072525, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:56.072610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.072693, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.072776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.072875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.072976, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 4F 01 00 00 00 00 00 00 7B 52 A8 94 ....O... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.073139, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014f-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.073534, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014f-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.074313, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 01 00 00 00 00 00 00 7B 52 A8 94 ....O... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.074464, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.074547, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.074630, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.074714, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.074825, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.074910, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.074995, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.075095, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.075179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.075264, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.075348, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.075433, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.075518, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.075603, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.075688, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.075773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.075858, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.075945, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:56.076427, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014f-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.077257, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 01 00 00 00 00 00 00 7B 52 A8 94 ....O... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.077432, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.077514, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.077603, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.087949, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014f-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.088248, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 01 00 00 00 00 00 00 7B 52 A8 94 ....O... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.088423, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4F 01 00 00 00 00 00 00 7B 52 A8 94 ....O... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.088574, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.088661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.088745, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.089083, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014e-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.089380, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 01 00 00 00 00 00 00 7B 52 A8 94 ....N... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.089533, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4E 01 00 00 00 00 00 00 7B 52 A8 94 ....N... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.089684, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.089767, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.089850, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.090188, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014d-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.090469, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.090633, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4D 01 00 00 00 00 00 00 7B 52 A8 94 ....M... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.090783, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.090872, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:56.090957, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.091291, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000014c-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.091570, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 01 00 00 00 00 00 00 7B 52 A8 94 ....L... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.091717, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 4C 01 00 00 00 00 00 00 7B 52 A8 94 ....L... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.091863, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.091947, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:56.092053, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.092450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:56.092674, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:56.104217, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:56.104348, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:56.104505, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:56.105012, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:56.105098, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:56.105183, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:56.105267, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:56.105380, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000011 (17) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:56.123877, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:56.124003, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:56.124086, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:56.124178, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:56.124262, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:56.124349, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/184/127 [2013/11/07 14:24:56.124627, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.124735, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 184 (position 184) from bitmap [2013/11/07 14:24:56.124820, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 184 [2013/11/07 14:24:56.124930, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.125023, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 184, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:56.125106, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1101484138 [2013/11/07 14:24:56.125196, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:24:56.125292, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:24:56.125376, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:24:56.125457, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:24:56.125539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:56.125622, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:56.125702, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:56.125782, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:24:56.125865, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:56.125994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:56.126076, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:24:56.126161, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:56.126252, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 90 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.127455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:56.127541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:56.127628, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.127720, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.127804, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:56.128286, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:56.128663, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:56.128749, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:24:56.128836, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:24:56.128922, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000093-0000-0000-7b52-90947f2c0000 [2013/11/07 14:24:56.129204, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 90 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.129374, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 90 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.129540, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 93 00 00 00 00 00 00 00 7B 52 90 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.129689, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.129772, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.130096, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:56.130190, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:56.130274, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:56.130765, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:24:56.130848, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:56.130931, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:56.131014, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:56.131109, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:24:56.132089, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:24:56.132192, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:56.132298, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:56.132459, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:56.132548, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:56.132633, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/185/127 [2013/11/07 14:24:56.132815, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.132902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 185 (position 185) from bitmap [2013/11/07 14:24:56.132985, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 185 [2013/11/07 14:24:56.133088, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.133176, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 185, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:56.133259, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:56.133379, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:56.133461, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:56.133542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:56.133622, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:56.133704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:56.133786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:56.133866, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:56.133963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:56.134050, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:56.134130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:56.134209, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:56.134293, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:56.134382, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000012 (18) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:56.152799, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:56.152883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:56.152973, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.153061, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.153144, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:56.153641, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:56.153994, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:56.154080, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:56.154165, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:56.154253, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:56.171740, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.171895, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.172044, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:56.172227, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:56.172320, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:56.172450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:56.172596, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:56.172712, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.173221, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.173326, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.173414, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:56.173496, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.173593, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:56.173673, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:56.173922, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.174007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:56.174094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.174174, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.174258, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.174338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.174466, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.174570, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.174659, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 50 01 00 00 00 00 00 00 7B 52 A8 94 ....P... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.174811, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000150-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.175171, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000150-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.176187, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 01 00 00 00 00 00 00 7B 52 A8 94 ....P... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.176342, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.176531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:56.176617, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.176697, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.176782, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.176861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.176975, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.177077, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.177159, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.177243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.177342, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.177445, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.177525, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.177644, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.177755, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.177837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.177922, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.178001, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.178101, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.178181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.178286, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.178390, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.178472, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.178557, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.178638, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.178726, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.178805, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.178930, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.179013, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.179097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.179179, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.179268, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.179347, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.179455, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.179538, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.179625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.179705, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.179806, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.179886, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.179990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.180092, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.180174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.180260, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.180341, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.180497, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.180577, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.180704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.180807, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.180892, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.180976, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.181060, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.181143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.181225, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.181345, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.181430, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.181580, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.181950, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:56.182424, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.182580, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.182664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.182788, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.182874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.182958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.183041, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.183126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.183211, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.183295, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.183380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.183465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.183550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.183650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.183735, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.183820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.183906, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.184012, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:56.185038, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.185919, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.186072, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.186175, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.187052, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.187895, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.188046, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.188132, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:56.188970, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.189831, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.189979, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.190066, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:56.191094, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.191954, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.192102, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.192189, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.193085, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.193977, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.194140, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.194230, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:56.196419, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.197291, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.197441, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.197527, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.198997, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.199892, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.200041, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.200140, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:56.201582, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.202444, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.202592, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.202679, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.203539, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.204410, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.204561, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.204647, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.215264, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.216145, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.216294, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.216382, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.217916, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.218823, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.218971, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.219058, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.219991, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.220869, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.221017, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.221104, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.222002, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.222843, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.222991, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.223078, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.223983, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.224797, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.224946, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.225028, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.225116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:56.225197, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:56.225672, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.226177, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.226260, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.226346, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.226425, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.226660, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.226746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.226870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.226975, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.227064, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 52 01 00 00 00 00 00 00 7B 52 A8 94 ....R... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.227217, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000152-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.227567, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000152-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.228601, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 01 00 00 00 00 00 00 7B 52 A8 94 ....R... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.228756, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.228838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.228922, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.229019, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.229102, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.229181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.229324, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.229427, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.229508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.229593, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.229672, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.229756, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.229835, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.229939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.230039, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.230122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.230207, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.230286, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.230370, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.230448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.230551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.230651, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.230733, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.230832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.230913, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.230999, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.231078, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.231201, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.231283, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.231369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.231449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.231537, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.231616, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.231723, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.231805, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:56.231890, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.231972, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.232062, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.232141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.232246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.232348, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.232461, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:56.232561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.232642, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.232730, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.232809, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.232923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.233025, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.233111, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:56.233194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:56.233291, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.233375, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.233458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.233541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.233625, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 53 01 00 00 00 00 00 00 7B 52 A8 94 ....S... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.233776, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000153-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.234130, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000153-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.234916, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 01 00 00 00 00 00 00 7B 52 A8 94 ....S... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.235067, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.235149, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.235231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.235314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.235421, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.235505, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.235589, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.235673, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.235757, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.235841, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.235925, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.236010, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.236095, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.236181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.236278, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.236364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.236478, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.236565, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:56.237019, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000153-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.237845, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 01 00 00 00 00 00 00 7B 52 A8 94 ....S... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.237996, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.238077, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.238165, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.248541, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000153-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.248825, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 01 00 00 00 00 00 00 7B 52 A8 94 ....S... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.248975, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 53 01 00 00 00 00 00 00 7B 52 A8 94 ....S... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.249121, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.249208, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.249304, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.249639, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000152-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.249933, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 01 00 00 00 00 00 00 7B 52 A8 94 ....R... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.250085, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 52 01 00 00 00 00 00 00 7B 52 A8 94 ....R... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.250236, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.250317, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.250399, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.250736, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000151-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.251014, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.251165, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 51 01 00 00 00 00 00 00 7B 52 A8 94 ....Q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.251314, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.251404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:56.251487, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.251820, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000150-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.252113, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 01 00 00 00 00 00 00 7B 52 A8 94 ....P... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.252267, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 50 01 00 00 00 00 00 00 7B 52 A8 94 ....P... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.252448, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.252531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:56.252637, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.252978, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:56.253199, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:56.264628, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:56.264754, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:56.264843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:56.265375, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:56.265460, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:56.265545, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:56.265629, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:56.265727, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000012 (18) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:56.284055, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:56.284174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:56.284256, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:56.284346, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:56.284456, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:56.284544, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/186/127 [2013/11/07 14:24:56.284814, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.284904, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 186 (position 186) from bitmap [2013/11/07 14:24:56.284989, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 186 [2013/11/07 14:24:56.285094, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.285188, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 1101484138 [2013/11/07 14:24:56.285294, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:56.285377, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:56.285463, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 69F4C610 [2013/11/07 14:24:56.285557, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb854cba8 [2013/11/07 14:24:56.285651, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 69F4C610 [2013/11/07 14:24:56.285760, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:56.285840, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:56.286004, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 1101484138 (1 used) [2013/11/07 14:24:56.286112, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:24:56.286197, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/187/127 [2013/11/07 14:24:56.289234, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.289406, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 187 (position 187) from bitmap [2013/11/07 14:24:56.289510, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 187 [2013/11/07 14:24:56.289610, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.289699, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 187, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:56.289789, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:56.289886, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:56.289975, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:56.290071, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:56.290152, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:56.290240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:56.290323, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:56.290401, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:56.290480, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:56.290586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:56.290667, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:56.290746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:56.290832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:56.290926, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000013 (19) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:56.308952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:56.309034, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:56.309125, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.309215, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.309311, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:56.309796, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:56.310140, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:56.310227, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:56.310326, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:56.310415, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:56.327615, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.327771, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.327918, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:56.328099, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:56.328192, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:56.328275, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:56.328468, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:56.328590, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.329096, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.329183, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.329284, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:56.329368, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.329448, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:56.329528, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:56.329795, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.329881, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:56.329968, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.330048, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.330133, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.330212, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.330341, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.330444, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.330533, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 54 01 00 00 00 00 00 00 7B 52 A8 94 ....T... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.330684, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000154-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.331043, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000154-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.332043, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 01 00 00 00 00 00 00 7B 52 A8 94 ....T... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.332208, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.332291, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:56.332375, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.332497, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.332582, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.332661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.332773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.332873, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.332955, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.333040, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.333119, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.333202, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.333293, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.333401, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.333501, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.333583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.333667, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.333746, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.333830, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.333908, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.334024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.334126, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.334208, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.334292, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.334371, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.334457, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.334536, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.334659, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.334742, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.334826, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.334907, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.334995, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.335074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.335181, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.335263, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.335348, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.335429, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.335519, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.335598, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.335717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.335821, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.335903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.335989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.336070, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.336158, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.336237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.336363, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.336502, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.336587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.336671, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.336755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.336838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.336921, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.337004, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.337089, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.337238, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.337630, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:56.338103, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.338259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.338343, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.338467, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.338552, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.338636, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.338720, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.338805, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.338889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.338973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.339058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.339143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.339228, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.339313, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.339412, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.339497, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.339584, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.339688, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:56.340710, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.341576, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.341725, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.341813, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.342706, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.343551, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.343699, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.343785, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:56.344603, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.345481, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.345629, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.345715, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:56.346733, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.347592, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.347739, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.347825, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.348720, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.349612, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.349761, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.349850, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:56.352061, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.352955, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.353104, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.353192, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.354753, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.355625, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.355773, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.355863, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:56.357321, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.358169, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.358333, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.358420, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.359283, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.360141, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.360290, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.360376, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.371030, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.371878, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.372044, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.372132, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.373658, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.374502, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.374673, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.374761, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.375623, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.376500, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.376649, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.376735, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.377632, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.378477, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.378626, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.378712, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.379625, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.380463, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.380616, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.380698, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.380786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:56.380867, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:56.381341, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.381846, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.381930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.382014, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.382094, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.382177, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.382256, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.382389, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.382492, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.382580, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 56 01 00 00 00 00 00 00 7B 52 A8 94 ....V... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.382732, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000156-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.383075, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000156-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.384070, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 01 00 00 00 00 00 00 7B 52 A8 94 ....V... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.384224, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.384306, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.384416, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.384499, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.384583, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.384661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.384780, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.384881, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.384963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.385047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.385126, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.385209, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.385314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.385425, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.385525, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.385608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.385692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.385771, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.385855, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.385934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.386037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.386137, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.386219, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.386304, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.386383, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.386481, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.386561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.386683, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.386765, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.386850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.386931, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.387019, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.387097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.387205, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.387288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:56.387373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.387470, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.387558, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.387637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.387753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.387857, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.387950, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:56.388035, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.388116, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.388219, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.388299, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.388438, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.388546, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.388631, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:56.388715, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:56.388798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.388881, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.388964, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.389047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.389131, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 57 01 00 00 00 00 00 00 7B 52 A8 94 ....W... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.389293, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000157-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.389645, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000157-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.390433, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 01 00 00 00 00 00 00 7B 52 A8 94 ....W... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.390582, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.390664, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.390746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.390829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.390934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.391019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.391102, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.391186, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.391270, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.391355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.391439, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.391524, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.391608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.391693, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.391778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.391863, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.391963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.392050, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:56.392533, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000157-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.393351, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 01 00 00 00 00 00 00 7B 52 A8 94 ....W... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.393500, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.393582, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.393670, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.403784, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000157-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.404065, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 01 00 00 00 00 00 00 7B 52 A8 94 ....W... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.404214, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 57 01 00 00 00 00 00 00 7B 52 A8 94 ....W... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.404361, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.404473, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.404555, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.404890, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000156-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.405184, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 01 00 00 00 00 00 00 7B 52 A8 94 ....V... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.405347, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 56 01 00 00 00 00 00 00 7B 52 A8 94 ....V... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.405493, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.405575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.405658, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.405996, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000155-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.406274, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.406422, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 55 01 00 00 00 00 00 00 7B 52 A8 94 ....U... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.406568, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.406656, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:56.406739, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.407072, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000154-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.407351, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 01 00 00 00 00 00 00 7B 52 A8 94 ....T... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.407516, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 54 01 00 00 00 00 00 00 7B 52 A8 94 ....T... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.407665, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.407749, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:56.407856, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.408192, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:56.408461, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:56.419952, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:56.420074, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:56.420163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:56.420753, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:56.420839, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:56.420925, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:56.421009, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:56.421120, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000013 (19) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:56.439677, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:56.439816, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:56.439902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:56.439993, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:56.440077, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:56.440165, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/188/127 [2013/11/07 14:24:56.444183, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.444366, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 188 (position 188) from bitmap [2013/11/07 14:24:56.444488, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 188 [2013/11/07 14:24:56.444613, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.444742, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 188, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:56.444826, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:56.444920, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:56.445009, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:56.445091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:56.445173, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:56.445254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:56.445406, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:56.445486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:56.445565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:56.445652, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:56.445767, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:56.445846, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:56.445932, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:56.446027, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000014 (20) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:56.464092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:56.464176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:56.464267, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.464358, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.464467, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:56.464967, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:56.465337, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:56.465425, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:56.465511, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:56.465600, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:56.482512, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.482667, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.482815, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:56.482987, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:56.483080, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:56.483163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:56.483305, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:56.483422, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.483928, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.484014, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.484116, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:56.484199, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.484279, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:56.484359, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:56.484666, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.484752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:56.484840, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.484920, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.485005, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.485084, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.485214, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.485331, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.485420, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 58 01 00 00 00 00 00 00 7B 52 A8 94 ....X... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.485573, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000158-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.485935, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000158-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.486954, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 01 00 00 00 00 00 00 7B 52 A8 94 ....X... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.487106, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.487189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:56.487273, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.487353, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.487461, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.487540, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.487655, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.487756, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.487849, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.487944, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.488023, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.488107, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.488186, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.488296, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.488433, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.488519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.488603, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.488697, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.488781, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.488860, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.488962, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.489064, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.489146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.489231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.489328, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.489413, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.489493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.489617, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.489700, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.489785, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.489866, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.489954, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.490033, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.490140, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.490222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.490307, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.490402, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.490492, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.490570, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.490675, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.490779, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.490861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.490947, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.491028, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.491115, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.491194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.491322, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.491425, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.491509, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.491593, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.491676, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.491759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.491842, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.491926, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.492010, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.492173, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.492560, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:56.493033, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.493189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.493301, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.493427, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.493513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.493597, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.493681, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.493765, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.493850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.493934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.494018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.494118, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.494204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.494289, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.494374, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.494459, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.494545, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.494650, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:56.495626, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.496566, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.496731, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.496819, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.497710, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.498555, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.498704, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.498790, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:56.499591, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.500484, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.500633, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.500720, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:56.501751, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.502610, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.502758, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.502843, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.503707, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.504608, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.504757, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.504843, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:56.507068, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.507934, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.508083, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.508170, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.509701, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.510559, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.510707, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.510794, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:56.512205, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.513132, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.513292, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.513381, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.514243, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.515101, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.515249, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.515349, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.526027, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.526890, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.527039, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.527127, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.528778, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.529668, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.529818, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.529910, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.530775, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.531624, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.531772, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.531872, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.532773, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.533630, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.533778, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.533864, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.534798, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.535565, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.535713, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.535795, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.535883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:56.535964, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:56.536447, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.536955, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.537038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.537141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.537221, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.537316, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.537395, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.537515, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.537617, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.537706, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 5A 01 00 00 00 00 00 00 7B 52 A8 94 ....Z... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.537858, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015a-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.538203, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015a-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.539204, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 01 00 00 00 00 00 00 7B 52 A8 94 ....Z... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.539358, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.539454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.539539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.539618, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.539702, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.539781, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.539890, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.539990, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.540072, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.540156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.540236, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.540319, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.540424, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.540534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.540634, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.540717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.540802, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.540881, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.540965, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.541045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.541148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.541249, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.541369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.541455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.541534, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.541620, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.541699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.541825, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.541908, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.541993, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.542073, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.542161, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.542240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.542349, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.542431, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:56.542516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.542598, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.542685, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.542764, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.542869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.542973, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.543079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:56.543165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.543246, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.543334, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.543413, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.543527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.543631, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.543716, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:56.543800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:56.543883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.543966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.544049, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.544131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.544216, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 5B 01 00 00 00 00 00 00 7B 52 A8 94 ....[... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.544366, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015b-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.544745, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015b-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.545552, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 01 00 00 00 00 00 00 7B 52 A8 94 ....[... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.545702, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.545783, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.545866, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.545949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.546056, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.546140, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.546224, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.546308, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.546392, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.546477, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.546560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.546645, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.546730, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.546829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.546914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.546999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.547084, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.547171, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:56.547623, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015b-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.548458, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 01 00 00 00 00 00 00 7B 52 A8 94 ....[... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.548608, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.548690, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.548779, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.558990, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015b-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.559275, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 01 00 00 00 00 00 00 7B 52 A8 94 ....[... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.559425, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5B 01 00 00 00 00 00 00 7B 52 A8 94 ....[... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.559572, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.559659, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.559741, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.560090, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015a-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.560371, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 01 00 00 00 00 00 00 7B 52 A8 94 ....Z... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.560549, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5A 01 00 00 00 00 00 00 7B 52 A8 94 ....Z... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.560696, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.560779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.560861, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.561199, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000159-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.561490, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.561638, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 59 01 00 00 00 00 00 00 7B 52 A8 94 ....Y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.561785, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.561873, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:56.561956, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.562305, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000158-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.562585, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 01 00 00 00 00 00 00 7B 52 A8 94 ....X... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.562735, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 58 01 00 00 00 00 00 00 7B 52 A8 94 ....X... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.562885, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.562968, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:56.563075, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.563412, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:56.563627, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:56.575113, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:56.575238, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:56.575327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:56.575829, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:56.575914, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:56.575999, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:56.576097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:56.576195, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000014 (20) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:56.594508, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:56.594626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:56.594710, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:56.594801, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:56.594884, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:56.594972, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/189/127 [2013/11/07 14:24:56.780260, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.780762, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 189 (position 189) from bitmap [2013/11/07 14:24:56.781009, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 189 [2013/11/07 14:24:56.781257, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.781583, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:56.782098, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:56.782303, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:56.782571, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 5DE11E80 [2013/11/07 14:24:56.782807, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb81d7150 [2013/11/07 14:24:56.783113, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:56.783243, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '5DE11E80' stored [2013/11/07 14:24:56.783450, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x5de11e80 (1575034496) open_persistent_id : 0x000000005de11e80 (1575034496) open_volatile_id : 0x000000009677f4ff (2524443903) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:57 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:56.786077, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 5DE11E80 [2013/11/07 14:24:56.786292, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:56.786495, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:56.786703, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:56.786815, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x5de11e80) stored [2013/11/07 14:24:56.787015, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x9677f4ff (2524443903) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x5de11e80 (1575034496) open_persistent_id : 0x000000005de11e80 (1575034496) open_volatile_id : 0x000000009677f4ff (2524443903) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:57 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:57 2013 CET compat : NULL [2013/11/07 14:24:56.790436, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 2524443903 (2 used) [2013/11/07 14:24:56.790665, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:56.790932, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:56.791156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 11 for pipe \spoolss [2013/11/07 14:24:56.791516, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:56.791728, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:56.791968, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 2524443903 [2013/11/07 14:24:56.792230, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:56.792515, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/190/127 [2013/11/07 14:24:56.795144, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.795484, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 190 (position 190) from bitmap [2013/11/07 14:24:56.795718, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 190 [2013/11/07 14:24:56.795979, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.796199, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 190, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:56.796529, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 2524443903 [2013/11/07 14:24:56.796752, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:56.796958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:56.797159, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:56.797392, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:56.797598, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:56.797797, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:56.797995, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:56.798202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:56.798459, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:56.798679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:56.798888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:56.799159, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:56.804349, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:56.804620, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:56.804826, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:56.805027, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:56.805238, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:56.805493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 12 for pipe \spoolss [2013/11/07 14:24:56.805757, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:56.808808, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:56.810049, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:56.810268, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/191/127 [2013/11/07 14:24:56.812633, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.812959, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 191 (position 191) from bitmap [2013/11/07 14:24:56.813371, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 191 [2013/11/07 14:24:56.813617, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.813837, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 191, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:56.814043, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 2524443903 [2013/11/07 14:24:56.814264, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:56.814478, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:56.814692, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:56.815896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:56.816124, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:56.816383, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/192/127 [2013/11/07 14:24:56.818651, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.818947, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 192 (position 192) from bitmap [2013/11/07 14:24:56.819207, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 192 [2013/11/07 14:24:56.819539, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.819758, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 192, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:56.819963, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2524443903 [2013/11/07 14:24:56.820180, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:24:56.820532, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:24:56.820739, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:24:56.820940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:24:56.821141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:56.821576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:56.821775, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:56.821972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:24:56.822179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:56.822451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:56.822650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:24:56.822857, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:56.823124, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:24:56.832501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:56.832733, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:56.832946, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.833177, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.833527, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:56.834806, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:56.835679, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:56.835893, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:56.836156, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:56.836520, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:56.839533, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:56.839756, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.840133, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:56.840493, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:56.840871, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:56.841164, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 2 printer handles active [2013/11/07 14:24:56.841383, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.841533, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.841695, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:56.841803, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:56.842034, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:56.842196, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:56.842289, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:56.842371, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:56.842508, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:56.842618, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.843123, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.843209, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.843297, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:56.843378, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.843458, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:56.843538, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:56.843780, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.843866, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:56.843953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.844050, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.844135, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.844215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.844344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.844518, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.844605, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 5D 01 00 00 00 00 00 00 7B 52 A8 94 ....]... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.844758, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015d-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.845118, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015d-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.846141, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 01 00 00 00 00 00 00 7B 52 A8 94 ....]... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.846293, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.846376, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:56.846501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.846597, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.846682, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.846761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.846875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.846979, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.847061, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.847145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.847225, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.847309, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.847387, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.847493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.847593, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.847675, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.847759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.847838, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.847922, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.848001, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.848103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.848208, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.848289, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.848433, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.848518, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.848604, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.848684, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.848811, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.848895, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.848980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.849061, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.849150, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.849229, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.849354, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.849437, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.849525, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.849605, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.849693, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.849773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.849877, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.849981, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.850063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.850164, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.850245, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.850335, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.850415, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.850545, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.850649, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.850734, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.850819, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.850903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.850987, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.851069, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.851151, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.851235, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 5E 01 00 00 00 00 00 00 7B 52 A8 94 ....^... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.851386, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015e-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.851742, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015e-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.852588, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 01 00 00 00 00 00 00 7B 52 A8 94 ....^... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.852739, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.852821, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.852904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.852989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.853110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.853197, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.853310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.853397, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.853482, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.853567, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.853652, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.853737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.853822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.853906, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.854006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.854091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.854176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.854263, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:56.854724, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015e-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.855535, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 01 00 00 00 00 00 00 7B 52 A8 94 ....^... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.855684, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.855766, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.855855, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.866360, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015e-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.866648, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 01 00 00 00 00 00 00 7B 52 A8 94 ....^... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.866798, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5E 01 00 00 00 00 00 00 7B 52 A8 94 ....^... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.866945, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.867033, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:56.867117, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.867468, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015d-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.867747, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 01 00 00 00 00 00 00 7B 52 A8 94 ....]... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.867895, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5D 01 00 00 00 00 00 00 7B 52 A8 94 ....]... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.868042, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.868124, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:56.868227, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.868615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:56.868706, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:56.868787, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:56.868868, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:56.868948, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:56.869028, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:56.869108, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:56.869188, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:56.869271, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:56.869367, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:56.869525, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:56.869630, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:56.869715, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:56.869848, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:56.869950, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.870455, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.870540, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.870629, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:56.870712, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.870792, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:56.870873, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:56.871106, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.871190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:56.871276, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.871356, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.871438, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.871600, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.871725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.871826, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.871914, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 5F 01 00 00 00 00 00 00 7B 52 A8 94 ...._... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.872087, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015f-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.872476, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015f-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.873501, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5F 01 00 00 00 00 00 00 7B 52 A8 94 ...._... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.873658, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.873741, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:56.873825, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.873905, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.873988, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.874067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.874177, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.874278, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.874375, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.874460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.874539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.874622, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.874702, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.874806, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.874907, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.874990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.875076, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.875156, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.875240, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.875318, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.875421, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.875522, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.875604, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.875690, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.875770, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.875855, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.875934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.876056, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.876154, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.876239, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.876319, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.876440, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.876523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.876632, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.876714, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.876800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.876881, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.876970, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.877050, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.877156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.877258, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.877369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.877455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.877536, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.877624, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.877704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.877848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.877953, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.878038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.878122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.878206, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.878290, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.878373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.878456, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.878541, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 60 01 00 00 00 00 00 00 7B 52 A8 94 ....`... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.878693, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000160-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.879032, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:56.879130, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000160-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.879412, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 01 00 00 00 00 00 00 7B 52 A8 94 ....`... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.879564, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 60 01 00 00 00 00 00 00 7B 52 A8 94 ....`... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.879714, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.879797, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:56.879894, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.880232, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015f-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:56.880554, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5F 01 00 00 00 00 00 00 7B 52 A8 94 ...._... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.880708, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5F 01 00 00 00 00 00 00 7B 52 A8 94 ...._... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.880859, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:56.880941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:56.881040, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:56.881389, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:56.881481, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015c-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.881811, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:56.881910, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:56.881997, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:56.882509, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:24:56.882593, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:56.882678, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:56.882762, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:56.882859, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:56.883794, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:56.883887, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:56.883968, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:56.884055, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:56.884139, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:56.884226, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/193/127 [2013/11/07 14:24:56.901118, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:56.901514, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 193 (position 193) from bitmap [2013/11/07 14:24:56.901738, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 193 [2013/11/07 14:24:56.901854, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:56.901991, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 193, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:56.902110, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2524443903 [2013/11/07 14:24:56.902240, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:56.902329, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:56.902504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:56.902588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:56.902761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:56.902845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:56.902954, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:56.903034, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:56.903162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:56.903243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:56.903323, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:56.903465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:56.903572, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:56.924836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:56.924935, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:56.925034, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.925159, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.925245, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:56.926306, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:56.926711, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:56.926801, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:56.926888, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:56.926980, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015c-0000-0000-7b52-a8947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:56.945777, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.945948, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.946098, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:56.946309, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:56.946405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:56.946489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:56.946641, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:56.946764, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.947277, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:56.947365, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.947455, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:56.947538, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:56.947631, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:56.947712, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:56.947971, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:56.948058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:56.948144, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:56.948226, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:56.948319, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.948399, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:56.948596, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:56.948703, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.948809, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 61 01 00 00 00 00 00 00 7B 52 A8 94 ....a... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.948963, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000161-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.949374, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000161-0000-0000-7b52-a8947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:56.950378, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 61 01 00 00 00 00 00 00 7B 52 A8 94 ....a... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.950534, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:56.950616, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:56.950700, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:56.950780, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:56.950864, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.950943, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:56.951057, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:56.951174, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:56.951256, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:56.951340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.951420, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.951504, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.951583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.951688, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:56.951788, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:56.951869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:56.951953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.952032, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.952116, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.952195, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.952297, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:56.952436, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:56.952522, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:56.952607, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.952686, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.952771, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.952851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:56.953001, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:56.953084, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:56.953169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.953250, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.953355, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.953435, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:56.953544, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:56.953626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:56.953712, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.953792, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.953880, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.953959, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.954064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:56.954167, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:56.954249, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:56.954335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.954415, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.954503, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:56.954582, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.954724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.954827, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:56.954912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:56.954996, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:56.955080, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:56.955163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:56.955246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:56.955329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:56.955414, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.955564, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 result : WERR_OK [2013/11/07 14:24:56.955915, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:56.956418, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.956578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:56.956663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.956797, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:56.956883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:56.956966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:56.957050, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:56.957135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:56.957219, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:56.957315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:56.957469, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:56.957558, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:56.957643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:56.957728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:56.957813, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:56.957899, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:56.957988, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.958095, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:56.959099, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.959945, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.960094, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.960182, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.961106, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.961998, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.962151, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.962242, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:56.963072, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.963938, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.964102, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.964193, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:56.965256, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.966116, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.966267, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.966354, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.967233, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.968080, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.968228, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.968314, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:56.970569, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.971425, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.971573, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.971659, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.973348, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.974197, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.974346, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.974434, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:56.975859, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.976736, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.976884, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.976971, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.977867, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.978711, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.978864, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.978951, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:56.990061, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.990927, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.991078, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.991166, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:56.992745, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.993601, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.993753, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.993840, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.994753, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.995614, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.995762, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.995852, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.996753, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:56.997643, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.997791, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.997883, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:56.998794, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:56.999564, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:56.999712, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:56.999794, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:56.999895, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:56.999977, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:57.000463, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.000973, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.001056, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.001141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.001222, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.001317, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.001398, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.001522, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.001626, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.001715, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 63 01 00 00 00 00 00 00 7B 52 A9 94 ....c... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.001867, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000163-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.002212, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000163-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.003224, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 63 01 00 00 00 00 00 00 7B 52 A9 94 ....c... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.003380, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.003462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.003546, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.003627, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.003711, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.003790, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.003899, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.003999, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.004080, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.004165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.004244, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.004328, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.004437, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.004559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.004659, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.004742, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.004827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.004907, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.004991, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.005070, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.005173, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.005284, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.005368, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.005454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.005534, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.005619, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.005698, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.005822, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.005906, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.005993, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.006074, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.006162, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.006255, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.006364, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.006446, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:57.006532, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.006614, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.006703, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.006783, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.006889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.006991, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.007074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:57.007160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.007241, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.007328, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.007407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.007520, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.007623, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.007708, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:57.007792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:57.007889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.007973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.008056, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.008139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.008223, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 64 01 00 00 00 00 00 00 7B 52 A9 94 ....d... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.008373, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000164-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.008749, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000164-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.009542, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 01 00 00 00 00 00 00 7B 52 A9 94 ....d... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.009691, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.009773, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.009855, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.009939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.010064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.010149, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.010233, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.010318, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.010402, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.010487, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.010571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.010656, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.010742, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.010827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.010912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.010997, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.011082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.011169, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:57.011619, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000164-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.012473, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 01 00 00 00 00 00 00 7B 52 A9 94 ....d... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.012622, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.012704, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.012793, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.023205, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000164-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.023491, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 01 00 00 00 00 00 00 7B 52 A9 94 ....d... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.023641, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 64 01 00 00 00 00 00 00 7B 52 A9 94 ....d... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.023789, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.023875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.023958, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.024297, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000163-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.024608, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 63 01 00 00 00 00 00 00 7B 52 A9 94 ....c... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.024758, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 63 01 00 00 00 00 00 00 7B 52 A9 94 ....c... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.024907, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.024990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.025072, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.025444, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000162-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:57.025724, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.025875, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 62 01 00 00 00 00 00 00 7B 52 A8 94 ....b... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.026024, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.026113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:57.026196, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.026532, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000161-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:57.026811, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 61 01 00 00 00 00 00 00 7B 52 A8 94 ....a... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.026961, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 61 01 00 00 00 00 00 00 7B 52 A8 94 ....a... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.027110, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.027192, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:57.027298, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.027634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:57.027860, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:57.039503, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.039769, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.039860, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.040364, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:57.040508, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:57.040594, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:57.040679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:57.040779, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:57.059178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2013/11/07 14:24:57.059262, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK [2013/11/07 14:24:57.059352, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW [2013/11/07 14:24:57.059437, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.059539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/194/127 [2013/11/07 14:24:57.059760, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.059850, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 194 (position 194) from bitmap [2013/11/07 14:24:57.059936, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 194 [2013/11/07 14:24:57.060043, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.060138, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:57.060233, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.060315, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:57.060430, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 9892B4AC [2013/11/07 14:24:57.060529, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb8765618 [2013/11/07 14:24:57.060651, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:57.060698, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '9892B4AC' stored [2013/11/07 14:24:57.060781, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x9892b4ac (2559751340) open_persistent_id : 0x000000009892b4ac (2559751340) open_volatile_id : 0x000000003452efdc (877850588) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:57 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:57.061805, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 9892B4AC [2013/11/07 14:24:57.061907, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.061988, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:57.062073, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:57.062118, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x9892b4ac) stored [2013/11/07 14:24:57.062198, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x3452efdc (877850588) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x9892b4ac (2559751340) open_persistent_id : 0x000000009892b4ac (2559751340) open_volatile_id : 0x000000003452efdc (877850588) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:57 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:57 2013 CET compat : NULL [2013/11/07 14:24:57.063522, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 877850588 (3 used) [2013/11/07 14:24:57.063615, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:57.063725, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:57.063817, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 13 for pipe \spoolss [2013/11/07 14:24:57.063969, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:57.064054, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:57.064169, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 877850588 [2013/11/07 14:24:57.064273, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:57.064360, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/195/127 [2013/11/07 14:24:57.066175, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.066303, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 195 (position 195) from bitmap [2013/11/07 14:24:57.066389, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 195 [2013/11/07 14:24:57.066571, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.066677, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 195, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.066768, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 2524443903 [2013/11/07 14:24:57.066895, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 3112 [2013/11/07 14:24:57.066981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2013/11/07 14:24:57.067106, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.067669, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. There is more data outstanding [2013/11/07 14:24:57.067754, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:57.067839, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/196/127 [2013/11/07 14:24:57.068058, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.068149, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 196 (position 196) from bitmap [2013/11/07 14:24:57.068253, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 196 [2013/11/07 14:24:57.068348, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.068542, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 196, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.068628, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 877850588 [2013/11/07 14:24:57.068720, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:57.068802, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:57.068884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:57.068966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.069057, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.069137, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:57.069216, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:57.069334, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.069452, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:57.069534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:57.069649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.069743, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:57.071884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:57.072051, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:57.072136, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:57.072218, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:57.072303, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:57.072410, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 14 for pipe \spoolss [2013/11/07 14:24:57.072517, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:57.073731, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.074218, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:57.074305, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/197/127 [2013/11/07 14:24:57.074474, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.074567, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 197 (position 197) from bitmap [2013/11/07 14:24:57.074650, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 197 [2013/11/07 14:24:57.074746, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.074834, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 197, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.074917, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2524443903 [2013/11/07 14:24:57.075004, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:57.075086, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:57.075167, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:57.075280, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:57.075380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.075462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.075542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:57.075622, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:57.075707, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.075787, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:57.075866, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:57.075951, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.076040, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:57.094352, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:57.094435, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:57.094527, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.094617, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.094702, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:57.095200, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:57.095547, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:57.095633, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:57.095719, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:57.095807, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015c-0000-0000-7b52-a8947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:57.113239, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.113409, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.113558, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:57.113739, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:57.113896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:57.113981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:57.114119, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:57.114236, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.114746, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.114849, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.114938, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:57.115020, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.115100, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:57.115180, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:57.115428, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.115514, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:57.115600, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.115681, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.115766, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.115845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.115974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.116077, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.116165, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 65 01 00 00 00 00 00 00 7B 52 A9 94 ....e... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.116318, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000165-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.116742, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000165-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.117887, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 01 00 00 00 00 00 00 7B 52 A9 94 ....e... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.118048, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.118131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:57.118215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.118295, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.118378, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.118458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.118571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.118673, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.118755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.118839, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.118919, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.119003, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.119081, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.119187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.119287, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.119385, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.119470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.119549, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.119633, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.119712, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.119816, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.119917, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.119999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.120083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.120163, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.120248, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.120327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.120486, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.120569, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.120654, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.120735, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.120824, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.120903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.121009, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.121092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.121200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.121294, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.121383, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.121462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.121565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.121668, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.121750, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.121836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.121916, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.122004, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.122146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.122276, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.122380, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.122465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.122550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.122634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.122716, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.122799, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.122896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.122982, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.123131, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.123483, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:57.123954, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.124110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.124194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.124312, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.124429, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.124518, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.124603, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.124687, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.124772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.124856, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.124955, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.125041, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.125126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.125212, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.125311, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.125397, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.125483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.125590, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:57.126580, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.127446, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.127599, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.127687, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.128621, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.129532, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.129682, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.129774, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:57.130740, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.131600, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.131753, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.131840, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:57.132928, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.133789, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.133941, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.134028, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.134897, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.135756, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.135909, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.135996, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:57.138241, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.139104, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.139253, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.139341, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.140861, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.141761, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.141911, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.142001, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:57.143412, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.144277, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.144458, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.144545, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.145430, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.146275, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.146438, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.146525, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.157127, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.158007, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.158156, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.158243, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.159737, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.160634, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.160783, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.160868, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.161752, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.162611, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.162759, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.162859, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.163733, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.164602, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.164754, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.164841, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.165797, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.166568, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.166718, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.166800, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.166889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:57.166970, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:57.167430, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.167938, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.168036, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.168121, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.168202, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.168286, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.168366, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.168519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.168623, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.168711, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 67 01 00 00 00 00 00 00 7B 52 A9 94 ....g... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.168864, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000167-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.169209, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000167-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.170226, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 01 00 00 00 00 00 00 7B 52 A9 94 ....g... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.170397, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.170479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.170563, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.170643, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.170727, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.170806, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.170916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.171015, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.171097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.171182, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.171261, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.171344, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.171423, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.171528, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.171627, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.171709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.171794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.171874, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.171958, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.172037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.172139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.172330, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.172440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.172526, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.172605, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.172691, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.172770, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.172894, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.172976, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.173062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.173142, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.173230, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.173336, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.173445, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.173527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:57.173612, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.173694, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.173784, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.173864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.173969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.174087, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.174169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:57.174255, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.174336, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.174423, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.174502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.174615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.174718, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.174803, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:57.174887, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:57.174971, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.175055, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.175138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.175221, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.175305, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 68 01 00 00 00 00 00 00 7B 52 A9 94 ....h... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.175457, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000168-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.175810, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000168-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.176626, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 01 00 00 00 00 00 00 7B 52 A9 94 ....h... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.176778, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.176860, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.176942, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.177025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.177134, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.177218, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.177332, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.177417, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.177501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.177586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.177670, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.177755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.177855, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.177940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.178025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.178110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.178195, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.178282, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:57.178740, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000168-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.179551, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 01 00 00 00 00 00 00 7B 52 A9 94 ....h... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.179700, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.179782, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.179870, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.190216, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000168-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.190501, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 01 00 00 00 00 00 00 7B 52 A9 94 ....h... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.190651, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 68 01 00 00 00 00 00 00 7B 52 A9 94 ....h... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.190799, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.190885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.190982, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.191318, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000167-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.191596, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 01 00 00 00 00 00 00 7B 52 A9 94 ....g... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.191744, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 67 01 00 00 00 00 00 00 7B 52 A9 94 ....g... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.191891, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.191973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.192055, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.192415, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000166-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.192696, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.192844, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 66 01 00 00 00 00 00 00 7B 52 A9 94 ....f... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.192990, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.193078, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:57.193161, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.193524, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000165-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.193803, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 01 00 00 00 00 00 00 7B 52 A9 94 ....e... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.193955, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 65 01 00 00 00 00 00 00 7B 52 A9 94 ....e... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.194105, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.194188, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:57.194294, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.194631, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:57.194845, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:57.206307, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.206431, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.206519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.207021, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:57.207106, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:57.207206, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:57.207290, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:57.207387, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:57.226225, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:57.226351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:57.226434, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:57.226525, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:57.226609, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.226696, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/198/127 [2013/11/07 14:24:57.226976, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.227067, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 198 (position 198) from bitmap [2013/11/07 14:24:57.227152, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 198 [2013/11/07 14:24:57.227257, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.227350, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 198, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.227434, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 877850588 [2013/11/07 14:24:57.227540, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:57.227627, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:57.227713, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.228253, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:57.228337, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:57.228456, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/199/127 [2013/11/07 14:24:57.232345, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.232517, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 199 (position 199) from bitmap [2013/11/07 14:24:57.232610, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 199 [2013/11/07 14:24:57.232715, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.232805, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 199, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.232895, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 877850588 [2013/11/07 14:24:57.232983, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:24:57.233073, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:24:57.233155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:24:57.233235, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:24:57.233332, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.233415, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.233515, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:57.233595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:24:57.233678, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.233757, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:57.233836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:24:57.233920, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.234011, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:24:57.235650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:57.235733, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:57.235819, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.235911, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.236010, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:57.236523, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:57.236867, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:57.236953, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:57.237040, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:57.237136, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:57.238373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:57.238464, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.238616, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:57.238749, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:57.238909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:57.239026, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 3 printer handles active [2013/11/07 14:24:57.239108, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.239260, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.239409, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:57.239511, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:57.239729, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:57.239887, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:57.239979, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:57.240061, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:57.240195, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:57.240304, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.240924, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.241010, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.241098, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:57.241197, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.241300, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:57.241382, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:57.241623, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.241708, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:57.241794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.241875, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.241958, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.242037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.242164, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.242267, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.242354, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6A 01 00 00 00 00 00 00 7B 52 A9 94 ....j... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.242507, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016a-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.242863, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016a-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.243876, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 01 00 00 00 00 00 00 7B 52 A9 94 ....j... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.244028, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.244109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:57.244193, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.244272, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.244355, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.244478, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.244593, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.244694, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.244775, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.244859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.244938, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.245022, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.245101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.245208, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.245324, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.245409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.245493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.245587, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.245671, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.245750, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.245852, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.245955, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.246037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.246122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.246201, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.246286, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.246365, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.246489, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.246571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.246655, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.246736, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.246824, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.246903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.247010, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.247092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.247179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.247273, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.247362, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.247441, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.247544, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.247646, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.247728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.247813, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.247894, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.247983, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.248063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.248189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.248294, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.248379, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.248513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.248597, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.248679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.248762, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.248844, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.248929, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6B 01 00 00 00 00 00 00 7B 52 A9 94 ....k... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.249095, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016b-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.249491, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016b-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.250263, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 01 00 00 00 00 00 00 7B 52 A9 94 ....k... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.250416, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.250498, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.250581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.250665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.250787, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.250872, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.250955, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.251039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.251139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.251224, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.251309, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.251394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.251479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.251565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.251650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.251736, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.251822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.251910, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:57.252365, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016b-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.253208, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 01 00 00 00 00 00 00 7B 52 A9 94 ....k... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.253385, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.253468, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.253556, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.263897, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016b-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.264182, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 01 00 00 00 00 00 00 7B 52 A9 94 ....k... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.264347, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6B 01 00 00 00 00 00 00 7B 52 A9 94 ....k... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.264522, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.264610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:57.264694, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.265034, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016a-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.265324, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 01 00 00 00 00 00 00 7B 52 A9 94 ....j... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.265473, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6A 01 00 00 00 00 00 00 7B 52 A9 94 ....j... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.265619, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.265702, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:57.265806, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.266138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:57.266231, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:57.266312, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:57.266393, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:57.266473, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:57.266567, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:57.266647, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:57.266726, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:57.266810, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:57.266894, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:57.267058, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:57.267151, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:57.267234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:57.267375, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:57.267477, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.267982, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.268067, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.268156, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:57.268238, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.268319, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:57.268456, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:57.268701, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.268785, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:57.268888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.268968, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.269051, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.269130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.269254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.269367, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.269454, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6C 01 00 00 00 00 00 00 7B 52 A9 94 ....l... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.269610, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016c-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.269960, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016c-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.270958, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 01 00 00 00 00 00 00 7B 52 A9 94 ....l... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.271113, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.271209, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:57.271294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.271373, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.271455, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.271534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.271643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.271743, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.271826, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.271910, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.271990, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.272073, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.272152, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.272256, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.272355, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.272540, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.272628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.272708, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.272792, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.272870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.272974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.273075, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.273172, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.273258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.273367, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.273452, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.273531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.273658, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.273741, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.273827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.273908, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.273995, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.274074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.274182, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.274264, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.274349, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.274430, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.274519, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.274598, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.274702, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.274804, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.274900, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.274986, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.275067, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.275154, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.275233, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.275360, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.275465, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.275550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.275634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.275717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.275800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.275882, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.275965, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.276049, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6D 01 00 00 00 00 00 00 7B 52 A9 94 ....m... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.276200, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016d-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.276581, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:57.276693, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016d-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.276976, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 01 00 00 00 00 00 00 7B 52 A9 94 ....m... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.277129, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6D 01 00 00 00 00 00 00 7B 52 A9 94 ....m... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.277292, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.277375, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:57.277457, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.277795, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016c-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.278075, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 01 00 00 00 00 00 00 7B 52 A9 94 ....l... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.278227, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6C 01 00 00 00 00 00 00 7B 52 A9 94 ....l... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.278378, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.278460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:57.278556, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.278887, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:57.279002, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000169-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.279332, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.279432, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.279519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.280017, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:24:57.280101, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:57.280186, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:57.280270, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:57.280366, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:57.281356, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:57.281449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:57.281545, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:57.281632, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:57.281716, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.281802, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/200/127 [2013/11/07 14:24:57.282037, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.282127, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 200 (position 200) from bitmap [2013/11/07 14:24:57.282212, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 200 [2013/11/07 14:24:57.282315, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.282408, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 200, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.282491, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2524443903 [2013/11/07 14:24:57.282580, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:24:57.282661, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:24:57.282743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:24:57.282824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:24:57.282905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.282988, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.283067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:57.283147, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:24:57.283230, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.283325, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:57.283404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:24:57.283488, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.283576, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.284621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:57.284704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:57.284788, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.284877, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.284960, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:57.285472, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:57.285811, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:57.285896, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:24:57.285995, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:24:57.286081, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000015c-0000-0000-7b52-a8947f2c0000 [2013/11/07 14:24:57.286361, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.286513, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.286663, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 5C 01 00 00 00 00 00 00 7B 52 A8 94 ....\... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.286812, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.286895, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.287216, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.287310, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.287393, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.287875, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:24:57.287958, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:57.288041, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:57.288125, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:57.288230, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:24:57.289217, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:24:57.289331, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:57.289412, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:57.289497, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:57.289580, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.289666, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/201/127 [2013/11/07 14:24:57.292633, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.293308, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 201 (position 201) from bitmap [2013/11/07 14:24:57.293792, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 201 [2013/11/07 14:24:57.294086, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.294311, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 201, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.294575, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 877850588 [2013/11/07 14:24:57.294862, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:57.295116, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:57.295370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:57.295616, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:57.296119, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.296330, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.296643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:57.296942, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:57.297165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.297415, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:57.297615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:57.297827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.298055, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:57.323634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:57.323728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:57.323827, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.323935, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.324020, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:57.324538, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:57.324891, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:57.324979, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:57.325065, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:57.325156, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000169-0000-0000-7b52-a9947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:57.343042, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.343207, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.343357, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:57.343547, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:57.343642, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:57.343726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:57.343871, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:57.343991, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.344588, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.344675, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.344765, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:57.344847, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.344927, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:57.345007, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:57.345265, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.345383, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:57.345470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.345551, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.345636, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.345715, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.345850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.345955, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.346043, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 6E 01 00 00 00 00 00 00 7B 52 A9 94 ....n... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.346197, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016e-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.346566, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016e-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.347588, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 01 00 00 00 00 00 00 7B 52 A9 94 ....n... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.347744, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.347827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:57.347911, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.347990, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.348074, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.348154, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.348266, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.348368, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.348497, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.348581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.348661, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.348745, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.348823, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.348947, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.349048, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.349133, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.349217, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.349340, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.349453, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.349533, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.349642, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.349745, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.349827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.349912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.349991, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.350077, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.350155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.350423, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.350509, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.350635, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.350748, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.350838, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.350933, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.351047, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.351130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.351215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.351296, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.351384, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.351463, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.351567, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.351670, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.351752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.351837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.351918, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.352033, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.352112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.352243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.352452, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.352549, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.352635, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.352734, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.352844, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.352929, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.353012, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.353198, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.353367, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.353756, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:57.354258, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.354415, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.354499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.354651, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.354738, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.354822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.354905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.355005, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.355112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.355199, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.355284, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.355369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.355454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.355539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.355625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.355709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.355798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.355904, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:57.356943, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.357867, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.358021, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.358114, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.359047, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.359891, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.360081, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.360173, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:57.361099, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.361992, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.362145, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.362237, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:57.363360, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.364300, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.364552, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.364646, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.365566, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.366450, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.366602, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.366707, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:57.369036, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.369957, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.370107, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.370199, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.371811, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.372814, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.372990, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.373082, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:57.374579, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.375510, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.375664, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.375756, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.376688, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.377586, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.377758, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.377850, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.388863, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.389761, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.389910, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.390003, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.391566, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.392503, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.392653, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.392743, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.393667, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.394567, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.394715, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.394805, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.395707, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.396655, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.396807, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.396897, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.397874, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.398648, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.398797, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.398880, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.398968, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:57.399049, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:57.399510, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.400031, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.400114, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.400200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.400281, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.400366, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.400476, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.400601, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.400705, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.400794, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 70 01 00 00 00 00 00 00 7B 52 A9 94 ....p... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.400945, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000170-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.401311, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000170-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.402326, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 01 00 00 00 00 00 00 7B 52 A9 94 ....p... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.402481, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.402563, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.402647, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.402727, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.402811, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.402890, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.403000, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.403100, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.403182, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.403265, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.403345, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.403428, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.403507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.403612, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.403711, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.403794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.403878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.403958, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.404056, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.404135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.404237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.404338, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.404448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.404534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.404614, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.404700, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.404779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.404903, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.405016, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.405103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.405184, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.405272, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.405376, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.405489, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.405572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:57.405657, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.405738, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.405843, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.405923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.406029, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.406159, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.406242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:57.406328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.406409, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.406496, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.406575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.406688, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.406819, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.406905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:57.406989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:57.407073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.407157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.407240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.407323, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.407408, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 71 01 00 00 00 00 00 00 7B 52 A9 94 ....q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.407574, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000171-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.407927, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000171-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.408759, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 01 00 00 00 00 00 00 7B 52 A9 94 ....q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.408912, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.408994, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.409076, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.409185, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.409308, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.409394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.409478, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.409561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.409669, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.409769, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.409853, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.409938, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.410023, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.410108, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.410193, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.410279, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.410388, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.410475, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:57.410935, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000171-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.411795, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 01 00 00 00 00 00 00 7B 52 A9 94 ....q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.411946, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.412042, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.412130, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.422892, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000171-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.423188, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 01 00 00 00 00 00 00 7B 52 A9 94 ....q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.423341, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 71 01 00 00 00 00 00 00 7B 52 A9 94 ....q... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.423505, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.423593, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.423676, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.424014, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000170-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.424293, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 01 00 00 00 00 00 00 7B 52 A9 94 ....p... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.424474, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 70 01 00 00 00 00 00 00 7B 52 A9 94 ....p... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.424622, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.424705, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.424853, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.425237, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016f-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.425536, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.425685, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6F 01 00 00 00 00 00 00 7B 52 A9 94 ....o... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.425847, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.425938, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:57.426022, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.426385, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000016e-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.426668, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 01 00 00 00 00 00 00 7B 52 A9 94 ....n... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.426819, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 6E 01 00 00 00 00 00 00 7B 52 A9 94 ....n... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.426969, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.427052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:57.427160, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.427501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:57.427830, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:57.439905, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.440047, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.440136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.440719, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:57.440803, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:57.440888, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:57.440973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:57.441072, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:57.460166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2013/11/07 14:24:57.460251, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK [2013/11/07 14:24:57.460341, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW [2013/11/07 14:24:57.460451, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.460539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/202/127 [2013/11/07 14:24:57.460794, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.460884, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 202 (position 202) from bitmap [2013/11/07 14:24:57.460995, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 202 [2013/11/07 14:24:57.461102, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.461213, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 2524443903 [2013/11/07 14:24:57.461321, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.461403, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:57.461489, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 5DE11E80 [2013/11/07 14:24:57.461610, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb81e70e0 [2013/11/07 14:24:57.461705, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 5DE11E80 [2013/11/07 14:24:57.461788, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.461868, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:57.461974, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 2524443903 (2 used) [2013/11/07 14:24:57.462079, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:24:57.462164, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/203/127 [2013/11/07 14:24:57.462343, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.462429, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 203 (position 203) from bitmap [2013/11/07 14:24:57.462511, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 203 [2013/11/07 14:24:57.462610, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.462755, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 203, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.462838, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3571729150 [2013/11/07 14:24:57.462926, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:24:57.463033, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:24:57.463116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:24:57.463196, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:24:57.463303, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.463386, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.463487, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:57.463567, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:24:57.463672, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.463752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:57.463831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:24:57.463914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.464005, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000015 (21) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.465064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:57.465147, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:57.465232, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.465349, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.465433, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:57.465930, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:57.466272, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:57.466357, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:24:57.466443, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:24:57.466528, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000010f-0000-0000-7b52-a4947f2c0000 [2013/11/07 14:24:57.466810, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.466963, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.467113, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 0F 01 00 00 00 00 00 00 7B 52 A4 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.467262, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.467347, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.467671, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.467764, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.467848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.468344, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:24:57.468486, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:57.468571, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:57.468654, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:57.468748, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000015 (21) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:24:57.469690, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:24:57.469792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:57.469872, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:57.469957, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:57.470039, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.470124, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/204/127 [2013/11/07 14:24:57.602361, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.602774, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 204 (position 204) from bitmap [2013/11/07 14:24:57.602998, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 204 [2013/11/07 14:24:57.603243, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.603465, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 204, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.603672, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 877850588 [2013/11/07 14:24:57.603896, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 3112 [2013/11/07 14:24:57.604112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2013/11/07 14:24:57.604334, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.605726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. There is more data outstanding [2013/11/07 14:24:57.605938, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:57.606154, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/205/127 [2013/11/07 14:24:57.606590, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.606806, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 205 (position 205) from bitmap [2013/11/07 14:24:57.607013, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 205 [2013/11/07 14:24:57.607329, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.607569, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 3571729150 [2013/11/07 14:24:57.607795, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.607998, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:57.608255, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key C15EC750 [2013/11/07 14:24:57.608561, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb81e70e0 [2013/11/07 14:24:57.608798, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key C15EC750 [2013/11/07 14:24:57.609007, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.609207, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:57.609819, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 3571729150 (1 used) [2013/11/07 14:24:57.610093, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:24:57.610427, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/206/127 [2013/11/07 14:24:57.610834, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.611046, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 206 (position 206) from bitmap [2013/11/07 14:24:57.611254, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 206 [2013/11/07 14:24:57.611488, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.611704, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 206, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.611983, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 877850588 [2013/11/07 14:24:57.612201, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:57.612467, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:57.612682, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:57.612883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:57.613087, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.613320, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.613521, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:57.613761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:57.613977, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.614175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:57.614372, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:57.614582, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.614929, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:57.637582, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:57.637674, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:57.637769, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.637862, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.637947, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:57.638432, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:57.638797, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:57.638885, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:57.638971, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:57.639062, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000169-0000-0000-7b52-a9947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:57.656818, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.656982, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.657141, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:57.657359, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:57.657454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:57.657538, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:57.657686, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:57.657805, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.658316, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.658402, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.658490, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:57.658572, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.658669, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:57.658749, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:57.659000, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.659088, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:57.659175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.659257, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.659342, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.659422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.659551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.659656, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.659745, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 72 01 00 00 00 00 00 00 7B 52 A9 94 ....r... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.659895, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000172-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.660255, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000172-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.661359, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 01 00 00 00 00 00 00 7B 52 A9 94 ....r... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.661512, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.661594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:57.661679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.661759, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.661843, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.661923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.662036, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.662137, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.662220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.662395, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.662478, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.662563, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.662643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.662751, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.662853, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.662935, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.663019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.663099, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.663199, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.663278, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.663380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.663483, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.663565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.663650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.663729, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.663815, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.663894, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.664022, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.664105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.664189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.664270, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.664359, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.664474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.664583, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.664665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.664751, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.664832, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.664933, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.665013, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.665117, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.665220, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.665319, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.665405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.665486, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.665574, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.665653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.665779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.665883, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.665969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.666055, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.666139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.666222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.666305, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.666387, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.666472, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.666622, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.666991, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:57.667466, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.667623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.667708, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.667828, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.667913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.667997, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.668081, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.668165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.668250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.668335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.668453, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.668539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.668624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.668725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.668811, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.668896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.668983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.669088, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:57.670115, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.671007, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.671159, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.671266, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.672143, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.673043, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.673193, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.673301, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:57.674170, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.675015, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.675167, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.675253, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:57.676279, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.677175, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.677347, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.677435, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.678305, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.679149, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.679313, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.679401, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:57.681630, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.682488, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.682636, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.682724, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.684194, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.685080, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.685228, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.685330, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:57.686733, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.687601, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.687749, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.687836, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.688723, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.689590, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.689738, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.689824, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.700304, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.701193, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.701357, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.701444, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.702920, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.703786, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.703934, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.704021, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.704910, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.705795, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.705944, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.706034, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.706911, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.707759, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.707907, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.707993, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.708934, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.709736, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.709887, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.709969, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.710058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:57.710139, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:57.710597, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.711104, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.711187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.711272, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.711352, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.711449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.711529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.711649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.711752, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.711840, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 74 01 00 00 00 00 00 00 7B 52 A9 94 ....t... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.711992, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000174-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.712335, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000174-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.713381, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 01 00 00 00 00 00 00 7B 52 A9 94 ....t... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.713534, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.713616, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.713699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.713794, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.713878, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.713957, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.714067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.714168, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.714251, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.714334, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.714414, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.714498, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.714577, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.714682, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.714781, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.714864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.714948, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.715085, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.715173, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.715252, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.715355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.715457, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.715540, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.715637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.715718, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.715803, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.715883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.716006, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.716089, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.716173, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.716255, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.716343, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.716451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.716560, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.716644, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:57.716729, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.716810, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.716898, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.716977, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.717082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.717187, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.717269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:57.717399, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.717482, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.717570, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.717649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.717769, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.717874, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.717960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:57.718044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:57.718127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.718218, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.718302, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.718385, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.718470, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 75 01 00 00 00 00 00 00 7B 52 A9 94 ....u... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.718621, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000175-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.718975, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000175-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.719763, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 01 00 00 00 00 00 00 7B 52 A9 94 ....u... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.719913, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.719995, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.720077, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.720160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.720268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.720352, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.720467, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.720552, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.720636, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.720721, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.720805, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.720890, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.720975, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.721060, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.721158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.721244, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.721351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.721438, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:57.721891, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000175-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.722702, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 01 00 00 00 00 00 00 7B 52 A9 94 ....u... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.722851, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.722933, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.723022, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.733430, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000175-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.733721, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 01 00 00 00 00 00 00 7B 52 A9 94 ....u... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.733872, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 75 01 00 00 00 00 00 00 7B 52 A9 94 ....u... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.734020, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.734107, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.734191, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.734529, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000174-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.734826, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 01 00 00 00 00 00 00 7B 52 A9 94 ....t... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.734979, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 74 01 00 00 00 00 00 00 7B 52 A9 94 ....t... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.735130, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.735213, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.735295, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.735636, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000173-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.735918, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.736069, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 73 01 00 00 00 00 00 00 7B 52 A9 94 ....s... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.736219, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.736310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:57.736475, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.736821, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000172-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.737121, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 01 00 00 00 00 00 00 7B 52 A9 94 ....r... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.737272, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 72 01 00 00 00 00 00 00 7B 52 A9 94 ....r... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.737436, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.737521, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:57.737628, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.737969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:57.738187, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:57.749720, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.749833, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.749929, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.750440, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:57.750526, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:57.750612, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:57.750696, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:57.750794, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:57.769133, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:57.769254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:57.769352, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:57.769443, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:57.769527, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.769615, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/207/127 [2013/11/07 14:24:57.769876, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.769968, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 207 (position 207) from bitmap [2013/11/07 14:24:57.770053, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 207 [2013/11/07 14:24:57.770158, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.770267, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:57.770362, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.770443, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:57.770531, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 1F280C1F [2013/11/07 14:24:57.770625, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb80e8f90 [2013/11/07 14:24:57.770745, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:57.770880, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '1F280C1F' stored [2013/11/07 14:24:57.770967, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x1f280c1f (522718239) open_persistent_id : 0x000000001f280c1f (522718239) open_volatile_id : 0x00000000e05ef21f (3764318751) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:58 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:57.772044, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 1F280C1F [2013/11/07 14:24:57.772131, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.772212, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:57.772296, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:57.772341, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x1f280c1f) stored [2013/11/07 14:24:57.772455, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0xe05ef21f (3764318751) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x1f280c1f (522718239) open_persistent_id : 0x000000001f280c1f (522718239) open_volatile_id : 0x00000000e05ef21f (3764318751) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:58 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:58 2013 CET compat : NULL [2013/11/07 14:24:57.774036, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 3764318751 (2 used) [2013/11/07 14:24:57.774132, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:57.774245, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:57.774336, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 13 for pipe \spoolss [2013/11/07 14:24:57.774494, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:57.774581, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:57.774682, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 3764318751 [2013/11/07 14:24:57.774790, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:57.774876, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/208/127 [2013/11/07 14:24:57.775047, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.775133, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 208 (position 208) from bitmap [2013/11/07 14:24:57.775216, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 208 [2013/11/07 14:24:57.775312, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.775400, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 208, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.775484, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 877850588 [2013/11/07 14:24:57.775587, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 64 [2013/11/07 14:24:57.775670, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 64 [2013/11/07 14:24:57.775752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 64 [2013/11/07 14:24:57.775834, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 64 [2013/11/07 14:24:57.775916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 64, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.775999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.776079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 48 [2013/11/07 14:24:57.776159, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 48 [2013/11/07 14:24:57.776242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.776322, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 48 [2013/11/07 14:24:57.776435, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 48, incoming data = 48 [2013/11/07 14:24:57.776523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.776612, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0040 (64) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000028 (40) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=40 [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 00 00 00 00 FF FF FF FF 02 00 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:24:57.777723, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:57.777820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:57.777905, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.778039, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.778123, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:57.778606, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:57.778949, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:57.779035, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x4 - api_rpcTNP: rpc command: SPOOLSS_ENUMJOBS [2013/11/07 14:24:57.779121, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[4].fn == 0xb766eba0 [2013/11/07 14:24:57.779208, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_EnumJobs: struct spoolss_EnumJobs in: struct spoolss_EnumJobs handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000169-0000-0000-7b52-a9947f2c0000 firstjob : 0x00000000 (0) numjobs : 0xffffffff (4294967295) level : 0x00000002 (2) buffer : NULL offered : 0x00000000 (0) [2013/11/07 14:24:57.779678, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:7299(_spoolss_EnumJobs) _spoolss_EnumJobs [2013/11/07 14:24:57.779760, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.779912, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:57.780085, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:57.780174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:57.780256, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:57.780468, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:57.780581, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.781087, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.781172, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.781259, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:57.781377, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.781457, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:57.781536, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:57.781774, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.781859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:57.781945, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.782026, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.782110, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.782190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.782317, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.782421, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.782508, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 76 01 00 00 00 00 00 00 7B 52 A9 94 ....v... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.782661, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000176-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.783034, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000176-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.784034, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 01 00 00 00 00 00 00 7B 52 A9 94 ....v... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.784189, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.784271, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:57.784355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.784477, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.784562, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.784641, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.784753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.784854, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.784937, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.785021, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.785114, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.785198, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.785294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.785402, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.785503, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.785585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.785670, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.785749, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.785833, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.785912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.786015, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.786115, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.786197, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.786282, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.786362, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.786447, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.786526, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.786649, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.786731, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.786816, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.786911, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.786998, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.787078, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.787186, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.787271, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.787357, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.787438, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.787526, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.787604, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.787710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.787815, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.787897, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.787983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.788064, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.788151, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.788230, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.788356, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.788497, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.788597, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.788681, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.788765, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.788847, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.788930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.789013, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.789097, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.789247, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.789632, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:57.790105, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.790261, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.790345, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.790468, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.790554, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.790652, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.790736, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.790820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.790905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.790989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.791074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.791158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.791244, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.791329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.791414, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.791499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.791584, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.791690, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:57.792731, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.793595, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.793744, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.793833, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.794705, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.795567, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.795718, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.795804, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:57.796634, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.797513, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.797665, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.797752, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:57.798801, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.799650, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.799800, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.799888, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.800802, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.801686, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.801834, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.801925, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:57.804134, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.805008, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.805156, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.805243, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.806777, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.807630, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.807779, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.807865, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:57.809331, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.810182, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.810334, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.810421, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.811298, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.812167, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.812316, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.812428, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.823022, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.823880, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.824030, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.824181, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.825763, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.826621, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.826770, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.826857, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.827733, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.828644, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.828793, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.828880, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.829778, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.830628, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.830790, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.830877, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.831793, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.832596, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.832885, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.832968, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.833058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:57.833140, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:57.833641, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.834150, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.834233, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.834318, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.834399, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.834482, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.834561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.834683, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.834786, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.834874, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 78 01 00 00 00 00 00 00 7B 52 A9 94 ....x... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.835026, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000178-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.835374, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000178-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.836421, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 01 00 00 00 00 00 00 7B 52 A9 94 ....x... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.836581, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.836663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.836747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.836826, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.836910, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.836989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.837100, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.837201, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.837307, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.837394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.837474, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.837557, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.837637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.837747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.837847, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.837944, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.838029, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.838109, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.838194, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.838273, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.838375, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.838476, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.838558, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.838643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.838723, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.838808, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.838888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.839010, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.839093, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.839178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.839259, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.839347, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.839426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.839534, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.839616, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:57.839718, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.839799, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.839887, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.839966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.840071, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.840174, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.840256, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:57.840342, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.840452, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.840543, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.840623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.840737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.840841, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.840927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:57.841011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:57.841095, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.841178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.841261, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.841368, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.841454, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 79 01 00 00 00 00 00 00 7B 52 A9 94 ....y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.841603, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000179-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.841956, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000179-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.842731, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 01 00 00 00 00 00 00 7B 52 A9 94 ....y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.842880, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.842962, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.843045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.843129, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.843235, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.843320, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.843404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.843503, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.843587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.843672, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.843756, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.843841, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.843927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.844011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.844096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.844182, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.844267, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.844354, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:57.844838, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000179-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.845675, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 01 00 00 00 00 00 00 7B 52 A9 94 ....y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.845825, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.845907, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.845995, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.856254, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000179-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.856582, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 01 00 00 00 00 00 00 7B 52 A9 94 ....y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.856733, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 79 01 00 00 00 00 00 00 7B 52 A9 94 ....y... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.856882, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.856969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.857052, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.857404, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000178-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.857685, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 01 00 00 00 00 00 00 7B 52 A9 94 ....x... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.857834, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 78 01 00 00 00 00 00 00 7B 52 A9 94 ....x... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.857981, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.858064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.858146, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.858485, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000177-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.858766, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.858930, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 77 01 00 00 00 00 00 00 7B 52 A9 94 ....w... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.859077, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.859166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:57.859249, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.859585, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000176-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.859865, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 01 00 00 00 00 00 00 7B 52 A9 94 ....v... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.860017, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 76 01 00 00 00 00 00 00 7B 52 A9 94 ....v... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.860168, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.860251, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:57.860359, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.860759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:57.860898, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/printing.c:3087(get_stored_queue_info) get_stored_queue_info: qcount = 0, extra_count = 0 count:[0], status:[0], [] [2013/11/07 14:24:57.861023, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_EnumJobs: struct spoolss_EnumJobs out: struct spoolss_EnumJobs count : * count : 0x00000000 (0) info : * info : NULL needed : * needed : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:57.861473, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.861583, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.861671, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 48 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 64 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.862167, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 64 [2013/11/07 14:24:57.862251, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:57.862336, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:57.862420, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 16. [2013/11/07 14:24:57.862515, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0028 (40) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000010 (16) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=16 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2013/11/07 14:24:57.863384, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:24:57.863475, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 40 bytes. There is no more data outstanding [2013/11/07 14:24:57.863557, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 40 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:57.863659, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 40 status NT_STATUS_OK [2013/11/07 14:24:57.863743, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:40] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.863830, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/209/127 [2013/11/07 14:24:57.864058, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.864147, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 209 (position 209) from bitmap [2013/11/07 14:24:57.864232, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 209 [2013/11/07 14:24:57.864348, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.864491, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:57.864587, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.864669, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:57.864756, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 3C672C94 [2013/11/07 14:24:57.864846, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7eb4a68 [2013/11/07 14:24:57.864964, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:57.865010, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '3C672C94' stored [2013/11/07 14:24:57.865092, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x3c672c94 (1013394580) open_persistent_id : 0x000000003c672c94 (1013394580) open_volatile_id : 0x0000000062dcefc5 (1658646469) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:58 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:57.866131, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 3C672C94 [2013/11/07 14:24:57.866216, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:57.866297, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:57.866381, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:57.866426, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x3c672c94) stored [2013/11/07 14:24:57.866506, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x62dcefc5 (1658646469) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x3c672c94 (1013394580) open_persistent_id : 0x000000003c672c94 (1013394580) open_volatile_id : 0x0000000062dcefc5 (1658646469) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:58 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:58 2013 CET compat : NULL [2013/11/07 14:24:57.867983, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 1658646469 (3 used) [2013/11/07 14:24:57.868075, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:57.868186, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:57.868292, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 14 for pipe \spoolss [2013/11/07 14:24:57.868480, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:57.868571, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:57.868672, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 1658646469 [2013/11/07 14:24:57.868779, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:57.868865, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/210/127 [2013/11/07 14:24:57.869035, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.869121, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 210 (position 210) from bitmap [2013/11/07 14:24:57.869204, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 210 [2013/11/07 14:24:57.869315, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.869405, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 210, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.869488, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 877850588 [2013/11/07 14:24:57.869575, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 1716 [2013/11/07 14:24:57.869657, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1716 [2013/11/07 14:24:57.869740, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1716 [2013/11/07 14:24:57.869821, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1716 [2013/11/07 14:24:57.869903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 1716, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.869986, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.870066, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1700 [2013/11/07 14:24:57.870146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1700 [2013/11/07 14:24:57.870342, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.870426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1700 [2013/11/07 14:24:57.870506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1700, incoming data = 1700 [2013/11/07 14:24:57.870590, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.870718, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x06b4 (1716) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000069c (1692) context_id : 0x0000 (0) opnum : 0x0004 (4) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1692 [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 00 00 00 00 FF FF FF FF 02 00 00 00 .,...... ........ [0020] 00 00 02 00 70 06 00 00 00 00 00 00 00 00 00 00 ....p... ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 70 06 00 00 ........ p... [2013/11/07 14:24:57.878744, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:57.878829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:57.878920, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.879009, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.879093, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:57.879577, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:57.879917, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:57.880017, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x4 - api_rpcTNP: rpc command: SPOOLSS_ENUMJOBS [2013/11/07 14:24:57.880103, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[4].fn == 0xb766eba0 [2013/11/07 14:24:57.880191, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_EnumJobs: struct spoolss_EnumJobs in: struct spoolss_EnumJobs handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000169-0000-0000-7b52-a9947f2c0000 firstjob : 0x00000000 (0) numjobs : 0xffffffff (4294967295) level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=1648 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00000670 (1648) [2013/11/07 14:24:57.887574, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:7299(_spoolss_EnumJobs) _spoolss_EnumJobs [2013/11/07 14:24:57.887657, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.887808, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:57.887985, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:57.888076, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:57.888160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:57.888284, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:57.888443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.888954, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.889040, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.889127, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:57.889209, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:57.889319, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:57.889399, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:57.889639, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.889724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:57.889811, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.889891, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.889975, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.890055, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.890181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.890285, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.890372, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 7A 01 00 00 00 00 00 00 7B 52 A9 94 ....z... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.890524, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017a-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.890881, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017a-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.891901, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 01 00 00 00 00 00 00 7B 52 A9 94 ....z... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.892053, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.892136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:57.892221, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.892301, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.892420, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.892504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.892617, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.892718, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.892801, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.892885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.892966, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.893050, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.893128, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.893234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.893347, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.893430, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.893515, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.893595, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.893693, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.893772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.893874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.893977, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.894059, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.894146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.894226, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.894311, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.894390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.894515, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.894598, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.894684, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.894765, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.894853, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.894932, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.895040, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.895123, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.895208, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.895289, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.895391, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.895471, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.895576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.895679, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.895762, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.895848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.895929, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.896017, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.896096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.896222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.896325, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.896456, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.896542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.896627, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.896710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.896793, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.896876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.896961, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.897124, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.897501, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:57.897974, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.898130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.898214, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.898339, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.898425, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.898508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.898592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.898676, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.898760, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.898845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.898930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.899015, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.899113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.899199, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.899285, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.899370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.899456, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.899560, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:57.900665, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.901535, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.901699, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.901789, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.902660, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.903511, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.903659, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.903746, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:57.904581, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.905441, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.905590, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.905677, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:57.906710, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.907577, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.907725, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.907812, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.908792, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.909678, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.909849, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.909939, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:57.912147, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.913048, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.913197, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.913297, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.914798, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.915737, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.915886, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.915976, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:57.917445, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.918318, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.918466, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.918554, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.919433, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.920285, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.920461, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.920550, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.931017, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.931902, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.932052, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.932142, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:57.933848, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.934725, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.934875, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.934963, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.935840, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.936728, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.936876, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.936963, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.937870, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:57.938723, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.938871, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.938958, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:57.939882, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.940699, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.940848, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.940930, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.941019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:57.941099, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:57.941576, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.942081, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:57.942164, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:57.942249, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:57.942343, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:57.942429, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.942508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:57.942633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:57.942738, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.942826, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 7C 01 00 00 00 00 00 00 7B 52 A9 94 ....|... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.942979, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017c-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.943325, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017c-0000-0000-7b52-a9947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:57.944326, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7C 01 00 00 00 00 00 00 7B 52 A9 94 ....|... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.944507, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:57.944589, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:57.944673, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:57.944766, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:57.944850, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.944929, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:57.945040, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:57.945140, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:57.945222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:57.945332, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.945412, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.945496, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.945575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.945684, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:57.945784, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:57.945867, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:57.945951, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.946030, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.946115, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.946193, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.946295, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:57.946396, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:57.946478, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:57.946577, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.946656, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.946742, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.946821, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:57.946946, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:57.947029, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:57.947113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.947194, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.947282, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.947361, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:57.947468, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:57.947550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:57.947637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.947718, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.947806, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.947885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.947989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:57.948092, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:57.948173, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:57.948272, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.948354, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.948473, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:57.948553, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.948668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.948771, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:57.948856, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:57.948939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:57.949023, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:57.949106, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:57.949188, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:57.949282, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:57.949368, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 7D 01 00 00 00 00 00 00 7B 52 A9 94 ....}... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.949518, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017d-0000-0000-7b52-a9947f2c0000 result : WERR_OK [2013/11/07 14:24:57.949869, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017d-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.950659, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7D 01 00 00 00 00 00 00 7B 52 A9 94 ....}... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.950808, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.950890, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.950973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:57.951056, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.951163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:57.951247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:57.951331, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:57.951414, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:57.951499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:57.951583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:57.951667, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:57.951751, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:57.951836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:57.951921, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:57.952019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:57.952105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:57.952190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:57.952277, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:57.952762, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017d-0000-0000-7b52-a9947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:57.953584, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7D 01 00 00 00 00 00 00 7B 52 A9 94 ....}... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.953733, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:57.953814, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:57.953902, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:57.964165, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017d-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.964476, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7D 01 00 00 00 00 00 00 7B 52 A9 94 ....}... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.964626, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7D 01 00 00 00 00 00 00 7B 52 A9 94 ....}... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.964772, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.964858, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:57.964940, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.965301, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017c-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.965582, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7C 01 00 00 00 00 00 00 7B 52 A9 94 ....|... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.965730, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7C 01 00 00 00 00 00 00 7B 52 A9 94 ....|... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.965876, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.965958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:57.966040, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.966378, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017b-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.966655, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.966803, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7B 01 00 00 00 00 00 00 7B 52 A9 94 ....{... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.966950, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.967039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:57.967121, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.967457, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017a-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.967750, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 01 00 00 00 00 00 00 7B 52 A9 94 ....z... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.967900, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7A 01 00 00 00 00 00 00 7B 52 A9 94 ....z... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.968048, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.968131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:57.968238, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.968640, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:57.968777, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/printing.c:3087(get_stored_queue_info) get_stored_queue_info: qcount = 0, extra_count = 0 count:[0], status:[0], [] [2013/11/07 14:24:57.968902, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_EnumJobs: struct spoolss_EnumJobs out: struct spoolss_EnumJobs count : * count : 0x00000000 (0) info : * info : NULL needed : * needed : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:57.969392, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.969507, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.969595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 1700 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 1716 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.970095, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 1716 [2013/11/07 14:24:57.970181, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:57.970283, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:57.970367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1668. [2013/11/07 14:24:57.970464, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x069c (1692) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000684 (1668) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1668 [0000] 04 00 02 00 70 06 00 00 00 00 00 00 00 00 00 00 ....p... ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 .... [2013/11/07 14:24:57.978526, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:24:57.978621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1692 bytes. There is no more data outstanding [2013/11/07 14:24:57.978703, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1692 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:57.978792, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1692 status NT_STATUS_OK [2013/11/07 14:24:57.978875, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:1692] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.978962, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/211/127 [2013/11/07 14:24:57.979221, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.979325, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 211 (position 211) from bitmap [2013/11/07 14:24:57.979409, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 211 [2013/11/07 14:24:57.979513, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.979607, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 211, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.979705, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 3764318751 [2013/11/07 14:24:57.979795, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:57.979877, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:57.979958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:57.980039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.980122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.980259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:57.980340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:57.980492, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.980573, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:57.980653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:57.980737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.980830, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:57.982957, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:57.983042, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:57.983127, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:57.983209, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:57.983294, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:57.983378, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 15 for pipe \spoolss [2013/11/07 14:24:57.983481, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:57.984820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.985333, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:57.985422, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/212/127 [2013/11/07 14:24:57.985591, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.985677, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 212 (position 212) from bitmap [2013/11/07 14:24:57.985760, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 212 [2013/11/07 14:24:57.985857, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.985944, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 212, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.986027, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 1658646469 [2013/11/07 14:24:57.986113, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:57.986195, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:57.986276, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:57.986358, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.986440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.986520, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:57.986615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:57.986699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.986779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:57.986858, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:57.986941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.987030, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:57.989142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:57.989225, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:57.989321, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:57.989403, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:57.989487, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:57.989570, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 16 for pipe \spoolss [2013/11/07 14:24:57.989669, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:57.990884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.991372, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:57.991459, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/213/127 [2013/11/07 14:24:57.991630, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.991722, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 213 (position 213) from bitmap [2013/11/07 14:24:57.991805, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 213 [2013/11/07 14:24:57.991900, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.991988, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 213, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.992071, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 877850588 [2013/11/07 14:24:57.992158, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:24:57.992240, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:24:57.992322, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:24:57.992433, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:24:57.992518, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:57.992601, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:57.992681, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:57.992761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:24:57.992844, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:57.992924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:57.993004, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:24:57.993087, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:57.993173, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.994226, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:57.994308, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:57.994393, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.994486, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:57.994571, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:57.995055, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:57.995402, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:57.995487, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:24:57.995574, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:24:57.995660, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000169-0000-0000-7b52-a9947f2c0000 [2013/11/07 14:24:57.995942, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.996093, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.996256, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 69 01 00 00 00 00 00 00 7B 52 A9 94 ....i... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:57.996456, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:57.996543, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:57.996867, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:57.996961, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:57.997045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:57.997543, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:24:57.997626, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:57.997712, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:57.997796, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:57.997890, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:24:57.998833, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:24:57.998934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:57.999015, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:57.999102, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:57.999184, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:57.999270, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/214/127 [2013/11/07 14:24:57.999441, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:57.999528, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 214 (position 214) from bitmap [2013/11/07 14:24:57.999611, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 214 [2013/11/07 14:24:57.999706, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:57.999793, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 214, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:57.999876, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 3764318751 [2013/11/07 14:24:58.000004, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.000089, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:58.000175, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.000700, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:58.000801, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:58.000887, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/215/127 [2013/11/07 14:24:58.003303, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.003445, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 215 (position 215) from bitmap [2013/11/07 14:24:58.003567, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 215 [2013/11/07 14:24:58.003740, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.003905, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 215, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.003991, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 1658646469 [2013/11/07 14:24:58.004084, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.004169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:58.004307, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.004834, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:58.004952, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:58.005039, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/216/127 [2013/11/07 14:24:58.005210, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.005336, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 216 (position 216) from bitmap [2013/11/07 14:24:58.005420, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 216 [2013/11/07 14:24:58.005535, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.005624, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 877850588 [2013/11/07 14:24:58.005717, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.005798, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:58.005958, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 9892B4AC [2013/11/07 14:24:58.006057, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb81e70e0 [2013/11/07 14:24:58.006152, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 9892B4AC [2013/11/07 14:24:58.006235, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.006315, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:58.006418, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 877850588 (2 used) [2013/11/07 14:24:58.006525, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:24:58.006611, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/217/127 [2013/11/07 14:24:58.006767, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.006859, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 217 (position 217) from bitmap [2013/11/07 14:24:58.006950, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 217 [2013/11/07 14:24:58.007043, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.007129, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 217, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.007211, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:58.007298, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 1452 [2013/11/07 14:24:58.007378, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1452 [2013/11/07 14:24:58.007460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1452 [2013/11/07 14:24:58.007557, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1452 [2013/11/07 14:24:58.007639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 1452, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.007721, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.007800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1436 [2013/11/07 14:24:58.007880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1436 [2013/11/07 14:24:58.007967, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.008046, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1436 [2013/11/07 14:24:58.008159, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1436, incoming data = 1436 [2013/11/07 14:24:58.008245, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.008334, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x05ac (1452) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000594 (1428) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1428 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 04 00 02 00 04 00 00 00 r.1..... ........ [0040] 00 00 00 00 04 00 00 00 52 00 41 00 57 00 00 00 ........ R.A.W... [0050] D4 04 00 00 08 00 02 00 D4 04 00 00 5C 00 5C 00 ........ ....\.\. [0060] 53 00 4C 00 41 00 56 00 45 00 52 00 5C 00 73 00 S.L.A.V. E.R.\.s. [0070] 70 00 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 p.r.i.n. t.e.r.1. [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 01 04 03 06 ........ ........ [00A0] DC 00 F8 03 43 AF 00 02 01 00 09 00 9A 0B 34 08 ....C... ......4. [00B0] 64 00 01 00 0F 00 58 02 02 00 01 00 58 02 03 00 d.....X. ....X... [00C0] 01 00 41 00 34 00 00 00 00 00 00 00 00 00 00 00 ..A.4... ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 01 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 ........ ........ [0120] 01 00 00 00 FF FF FF FF 47 49 53 34 00 00 00 00 ........ GIS4.... [0130] 00 00 00 00 00 00 00 00 44 49 4E 55 22 00 80 01 ........ DINU"... [0140] DC 03 1C 00 7B 11 F1 64 00 00 00 00 00 00 00 00 ....{..d ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 0D 00 00 00 01 00 00 00 00 00 00 00 ........ ........ [0170] 01 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 80 01 00 00 53 4D 54 4A 00 00 00 00 ........ SMTJ.... [03A0] 10 00 70 01 7B 00 39 00 31 00 32 00 35 00 42 00 ..p.{.9. 1.2.5.B. [03B0] 45 00 32 00 31 00 2D 00 44 00 45 00 41 00 42 00 E.2.1.-. D.E.A.B. [03C0] 2D 00 34 00 44 00 39 00 30 00 2D 00 41 00 31 00 -.4.D.9. 0.-.A.1. [03D0] 43 00 31 00 2D 00 30 00 42 00 32 00 34 00 30 00 C.1.-.0. B.2.4.0. [03E0] 43 00 46 00 42 00 38 00 45 00 46 00 31 00 7D 00 C.F.B.8. E.F.1.}. [03F0] 00 00 49 6E 70 75 74 42 69 6E 00 41 55 54 4F 00 ..InputB in.AUTO. [0400] 52 45 53 44 4C 4C 00 55 6E 69 72 65 73 44 4C 4C RESDLL.U niresDLL [0410] 00 4A 6F 62 4E 55 70 41 6C 6C 44 6F 63 75 6D 65 .JobNUpA llDocume [0420] 6E 74 73 43 6F 6E 74 69 67 75 6F 75 73 6C 79 00 ntsConti guously. [0430] 31 00 4F 72 69 65 6E 74 61 74 69 6F 6E 00 50 4F 1.Orient ation.PO [0440] 52 54 52 41 49 54 00 43 6F 6C 6C 61 74 65 00 4F RTRAIT.C ollate.O [0450] 4E 00 52 65 73 6F 6C 75 74 69 6F 6E 00 72 36 30 N.Resolu tion.r60 [0460] 30 78 36 30 30 00 43 6F 6C 6F 72 4D 6F 64 65 00 0x600.Co lorMode. [0470] 43 6F 6C 6F 72 00 50 61 70 65 72 53 69 7A 65 00 Color.Pa perSize. [0480] 41 34 00 4D 65 64 69 61 54 79 70 65 00 53 54 41 A4.Media Type.STA [0490] 4E 44 41 52 44 00 48 61 6C 66 74 6F 6E 65 00 48 NDARD.Ha lftone.H [04A0] 54 5F 50 41 54 53 49 5A 45 5F 41 55 54 4F 00 50 T_PATSIZ E_AUTO.P [04B0] 61 67 65 42 6F 72 64 65 72 6C 65 73 73 00 4E 6F ageBorde rless.No [04C0] 6E 65 00 50 61 67 65 4F 75 74 70 75 74 51 75 61 ne.PageO utputQua [04D0] 6C 69 74 79 00 41 75 74 6F 6D 61 74 69 63 00 4A lity.Aut omatic.J [04E0] 6F 62 50 61 67 65 4F 72 64 65 72 00 53 74 61 6E obPageOr der.Stan [04F0] 64 61 72 64 00 00 00 00 00 00 00 00 00 00 00 00 dard.... ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 1C 00 00 00 56 34 44 4D 01 00 00 00 ........ V4DM.... [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 08 00 00 00 01 00 00 00 01 00 00 00 0C 00 02 00 ........ ........ [0540] 28 00 00 00 10 00 02 00 14 00 02 00 80 25 00 00 (....... .....%.. [0550] 03 00 00 00 00 00 00 00 09 00 00 00 05 00 00 00 ........ ........ [0560] 00 00 00 00 05 00 00 00 57 00 49 00 4E 00 38 00 ........ W.I.N.8. [0570] 00 00 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ [0580] 46 00 46 00 46 00 5C 00 74 00 65 00 73 00 74 00 F.F.F.\. t.e.s.t. [0590] 38 00 00 00 8... [2013/11/07 14:24:58.021351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.021440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.021534, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.021624, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.021708, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.022190, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.022535, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.022621, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:58.022722, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:58.022824, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : * datatype : 'RAW' devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x000004d4 (1236) devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0603 (1539) size : 0x00dc (220) __driverextra_length : 0x03f8 (1016) fields : 0x0200af43 (33599299) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 0: DEVMODE_SCALE 0: DEVMODE_POSITION 1: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 1: DEVMODE_COLOR 0: DEVMODE_DUPLEX 1: DEVMODE_YRESOLUTION 0: DEVMODE_TTOPTION 1: DEVMODE_COLLATE 0: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 1: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_A4 (9) paperlength : 0x0b9a (2970) paperwidth : 0x0834 (2100) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : UNKNOWN_ENUM_VALUE (600) color : DMRES_COLOR (2) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0258 (600) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_TRUE (1) formname : 'A4' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : DMNUP_SYSTEM (1) displayfrequency : 0x00000000 (0) icmmethod : DMICMMETHOD_NONE (1) icmintent : DMICM_CONTRAST (2) mediatype : DMMEDIA_STANDARD (1) dithertype : UNKNOWN_ENUM_VALUE (-1) reserved1 : 0x34534947 (877873479) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=1016 [0000] 44 49 4E 55 22 00 80 01 DC 03 1C 00 7B 11 F1 64 DINU"... ....{..d [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 00 ........ ........ [0030] 01 00 00 00 00 00 00 00 01 00 00 00 00 00 03 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 00 ........ ........ [0260] 53 4D 54 4A 00 00 00 00 10 00 70 01 7B 00 39 00 SMTJ.... ..p.{.9. [0270] 31 00 32 00 35 00 42 00 45 00 32 00 31 00 2D 00 1.2.5.B. E.2.1.-. [0280] 44 00 45 00 41 00 42 00 2D 00 34 00 44 00 39 00 D.E.A.B. -.4.D.9. [0290] 30 00 2D 00 41 00 31 00 43 00 31 00 2D 00 30 00 0.-.A.1. C.1.-.0. [02A0] 42 00 32 00 34 00 30 00 43 00 46 00 42 00 38 00 B.2.4.0. C.F.B.8. [02B0] 45 00 46 00 31 00 7D 00 00 00 49 6E 70 75 74 42 E.F.1.}. ..InputB [02C0] 69 6E 00 41 55 54 4F 00 52 45 53 44 4C 4C 00 55 in.AUTO. RESDLL.U [02D0] 6E 69 72 65 73 44 4C 4C 00 4A 6F 62 4E 55 70 41 niresDLL .JobNUpA [02E0] 6C 6C 44 6F 63 75 6D 65 6E 74 73 43 6F 6E 74 69 llDocume ntsConti [02F0] 67 75 6F 75 73 6C 79 00 31 00 4F 72 69 65 6E 74 guously. 1.Orient [0300] 61 74 69 6F 6E 00 50 4F 52 54 52 41 49 54 00 43 ation.PO RTRAIT.C [0310] 6F 6C 6C 61 74 65 00 4F 4E 00 52 65 73 6F 6C 75 ollate.O N.Resolu [0320] 74 69 6F 6E 00 72 36 30 30 78 36 30 30 00 43 6F tion.r60 0x600.Co [0330] 6C 6F 72 4D 6F 64 65 00 43 6F 6C 6F 72 00 50 61 lorMode. Color.Pa [0340] 70 65 72 53 69 7A 65 00 41 34 00 4D 65 64 69 61 perSize. A4.Media [0350] 54 79 70 65 00 53 54 41 4E 44 41 52 44 00 48 61 Type.STA NDARD.Ha [0360] 6C 66 74 6F 6E 65 00 48 54 5F 50 41 54 53 49 5A lftone.H T_PATSIZ [0370] 45 5F 41 55 54 4F 00 50 61 67 65 42 6F 72 64 65 E_AUTO.P ageBorde [0380] 72 6C 65 73 73 00 4E 6F 6E 65 00 50 61 67 65 4F rless.No ne.PageO [0390] 75 74 70 75 74 51 75 61 6C 69 74 79 00 41 75 74 utputQua lity.Aut [03A0] 6F 6D 61 74 69 63 00 4A 6F 62 50 61 67 65 4F 72 omatic.J obPageOr [03B0] 64 65 72 00 53 74 61 6E 64 61 72 64 00 00 00 00 der.Stan dard.... [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 1C 00 00 00 ........ ........ [03E0] 56 34 44 4D 01 00 00 00 00 00 00 00 00 00 00 00 V4DM.... ........ [03F0] 00 00 00 00 00 00 00 00 ........ access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:58.031048, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:58.031143, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.031295, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:58.031427, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:58.031585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:58.031704, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 1 printer handles active [2013/11/07 14:24:58.031787, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.031936, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.032083, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:58.032187, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:58.032449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:58.032612, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.032704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.032786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.032923, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.033036, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.033710, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.033798, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.033886, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.033969, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.034066, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.034147, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.034385, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.034471, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.034558, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.034639, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.034723, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.034803, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.034932, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.035037, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.035124, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 7F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.035277, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017f-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.035641, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017f-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.036711, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.036867, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.036950, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.037034, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.037114, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.037198, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.037291, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.037405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.037507, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.037588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.037673, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.037753, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.037837, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.037916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.038023, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.038124, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.038206, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.038291, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.038370, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.038469, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.038548, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.038650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.038750, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.038832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.038917, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.038997, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.039083, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.039162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.039286, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.039370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.039458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.039539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.039627, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.039707, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.039817, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.039899, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.039985, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.040066, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.040168, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.040248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.040353, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.040491, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.040574, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.040661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.040742, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.040829, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.040909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.041035, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.041140, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.041225, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.041339, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.041424, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.041506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.041589, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.041672, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.041756, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 80 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.041921, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000180-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.042284, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000180-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.043053, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 80 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.043202, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.043284, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.043368, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.043452, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.043574, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.043659, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.043743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.043828, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.043912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.044012, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.044096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.044181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.044266, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.044352, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.044536, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.044625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.044711, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.044799, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:58.045264, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000180-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.046090, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 80 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.046243, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.046343, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.046432, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.056804, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000180-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.057088, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 80 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.057238, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 80 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.057414, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.057501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.057584, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.057921, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017f-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.058202, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.058354, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 7F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.058505, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.058587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.058689, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.059024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.059118, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:58.059199, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.059280, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.059360, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.059454, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.059536, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.059616, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.059700, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:58.059785, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:58.059938, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.060030, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.060113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.060251, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.060352, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.060914, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.060998, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.061088, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.061170, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.061251, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.061345, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.061573, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.061658, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.061744, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.061840, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.061923, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.062002, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.062126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.062227, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.062315, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 81 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.062467, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000181-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.062817, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000181-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.063814, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 81 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.063967, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.064050, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.064148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.064228, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.064311, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.064426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.064541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.064642, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.064725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.064810, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.064889, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.064973, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.065053, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.065157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.065257, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.065369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.065454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.065534, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.065619, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.065698, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.065804, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.065997, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.066094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.066179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.066261, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.066348, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.066427, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.066550, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.066633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.066844, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.066952, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.067040, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.067120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.067234, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.067317, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.067403, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.067483, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.067572, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.067651, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.067755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.067858, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.067960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.068047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.068128, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.068216, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.068295, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.068463, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.068571, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.068657, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.068741, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.068826, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.068908, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.068991, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.069074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.069159, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 82 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.069325, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000182-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.069667, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:58.069766, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000182-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.070060, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.070208, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 82 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.070355, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.070437, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.070520, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.070855, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000181-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.071135, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 81 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.071282, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 81 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.071429, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.071510, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.071608, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.071939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.072039, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.072485, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.072587, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.072674, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 1436 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 1452 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.073173, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 1452 [2013/11/07 14:24:58.073257, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:58.073358, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.073442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:58.073538, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:58.074467, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:58.074560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:58.074716, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:58.074824, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:58.074908, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.074996, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/218/127 [2013/11/07 14:24:58.075213, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.075302, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 218 (position 218) from bitmap [2013/11/07 14:24:58.075388, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 218 [2013/11/07 14:24:58.075492, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.075584, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 218, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.075667, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1658646469 [2013/11/07 14:24:58.075756, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:24:58.075838, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:24:58.075920, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:24:58.076001, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:24:58.076083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.076166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.076246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:58.076326, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:24:58.076451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.076532, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:58.076628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:24:58.076713, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.076802, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:24:58.078436, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.078519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.078604, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.078693, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.078777, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.079260, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.079615, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.079700, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:58.079786, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:58.079880, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:58.081106, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:58.081196, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 83 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.081359, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:58.081477, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:58.081626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:58.081743, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 2 printer handles active [2013/11/07 14:24:58.081840, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 83 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.081989, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 83 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.082135, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:58.082238, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:58.082441, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:58.082586, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.082675, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.082758, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.082883, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.082985, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.083488, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.083572, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.083660, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.083741, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.083822, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.083901, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.084124, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.084224, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.084310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.084436, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.084525, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.084605, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.084729, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.084832, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.084917, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 84 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.085071, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000184-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.085439, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000184-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.086438, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.086593, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.086691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.086775, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.086855, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.086938, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.087018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.087129, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.087230, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.087313, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.087397, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.087476, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.087560, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.087639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.087745, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.087845, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.087927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.088011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.088091, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.088175, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.088254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.088355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.088510, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.088592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.088677, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.088757, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.088842, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.088921, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.089045, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.089129, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.089214, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.089324, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.089414, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.089493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.089607, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.089690, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.089777, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.089858, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.089947, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.090026, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.090132, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.090250, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.090335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.090421, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.090501, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.090588, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.090667, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.090792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.090896, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.090981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.091066, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.091150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.091233, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.091316, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.091399, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.091483, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 85 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.091635, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000185-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.091991, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000185-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.092841, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 85 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.092991, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.093074, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.093157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.093241, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.093378, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.093463, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.093547, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.093632, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.093717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.093802, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.093886, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.093971, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.094071, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.094157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.094243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.094328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.094438, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.094526, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:58.095006, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000185-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.095817, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 85 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.095969, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.096051, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.096139, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.106591, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000185-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.106876, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 85 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.107030, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 85 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.107181, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.107268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.107352, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.107707, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000184-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.107987, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.108140, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 84 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.108292, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.108374, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.108508, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.108843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.108935, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:58.109016, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.109096, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.109175, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.109255, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.109347, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.109427, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.109510, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:58.109608, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:58.109759, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.109851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.109934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.110070, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.110171, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.110674, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.110758, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.110905, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.110987, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.111068, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.111148, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.111377, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.111461, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.111546, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.111626, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.111709, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.111788, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.111910, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.112027, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.112113, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 86 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.112267, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000186-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.112673, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000186-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.113715, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 86 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.113875, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.113958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.114042, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.114122, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.114206, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.114285, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.114411, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.114512, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.114595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.114679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.114759, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.114842, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.114921, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.115026, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.115125, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.115208, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.115293, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.115372, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.115456, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.115535, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.115637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.115805, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.115887, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.115972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.116054, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.116141, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.116234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.116358, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.116475, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.116561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.116642, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.116731, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.116811, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.116919, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.117002, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.117088, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.117169, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.117256, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.117350, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.117454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.117558, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.117639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.117725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.117806, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.117893, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.117986, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.118112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.118214, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.118300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.118384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.118468, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.118550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.118633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.118716, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.118800, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 87 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.118950, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000187-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.119287, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:58.119385, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000187-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.119665, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 87 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.119816, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 87 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.119980, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.120062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.120144, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.120516, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000186-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.120796, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 86 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.120948, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 86 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.121099, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.121181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.121290, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.121625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.121716, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000183-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.122043, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.122143, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.122244, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.122740, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:24:58.122823, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:58.122908, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.122992, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:58.123087, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 83 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:58.124014, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:58.124106, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:58.124188, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:58.124275, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:58.124358, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.124498, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/219/127 [2013/11/07 14:24:58.124730, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.124887, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 219 (position 219) from bitmap [2013/11/07 14:24:58.124985, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 219 [2013/11/07 14:24:58.125086, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.125179, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:58.125299, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.125382, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:58.125468, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 964CA8E7 [2013/11/07 14:24:58.125558, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7f43218 [2013/11/07 14:24:58.125678, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:58.125724, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '964CA8E7' stored [2013/11/07 14:24:58.125806, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x964ca8e7 (2521606375) open_persistent_id : 0x00000000964ca8e7 (2521606375) open_volatile_id : 0x000000001e5ad48d (509269133) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:58 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:58.126809, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 964CA8E7 [2013/11/07 14:24:58.126894, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.126993, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:58.127077, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:58.127122, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x964ca8e7) stored [2013/11/07 14:24:58.127201, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x1e5ad48d (509269133) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x964ca8e7 (2521606375) open_persistent_id : 0x00000000964ca8e7 (2521606375) open_volatile_id : 0x000000001e5ad48d (509269133) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:58 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:58 2013 CET compat : NULL [2013/11/07 14:24:58.128599, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 509269133 (3 used) [2013/11/07 14:24:58.128692, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:58.128799, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:58.128889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 16 for pipe \spoolss [2013/11/07 14:24:58.129033, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:58.129118, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:58.129218, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 509269133 [2013/11/07 14:24:58.129355, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:58.129441, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/220/127 [2013/11/07 14:24:58.129654, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.129744, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 220 (position 220) from bitmap [2013/11/07 14:24:58.129828, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 220 [2013/11/07 14:24:58.129925, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.130014, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 220, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.130097, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:58.130185, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:58.130266, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:58.130349, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:58.130430, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:58.130512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.130595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.130674, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.130800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:58.130889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.130969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.131049, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:58.131150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.131242, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:58.150001, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.150090, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.150183, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.150273, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.150358, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.150842, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.151185, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.151272, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:58.151358, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:58.151447, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:58.168838, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.168989, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.169137, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:58.169333, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.169425, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.169508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.169644, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.169761, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.170269, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.170354, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.170441, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.170523, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.170603, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.170683, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.170927, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.171012, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.171098, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.171195, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.171278, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.171358, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.171486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.171590, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.171782, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 88 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.171941, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000188-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.172309, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000188-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.173422, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 88 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.173582, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.173665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.173764, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.173845, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.173929, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.174008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.174123, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.174225, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.174307, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.174391, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.174470, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.174554, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.174633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.174741, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.174843, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.174996, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.175085, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.175164, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.175249, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.175328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.175431, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.175532, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.175614, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.175714, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.175794, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.175879, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.175957, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.176080, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.176163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.176247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.176327, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.176448, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.176529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.176636, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.176719, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.176805, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.176886, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.176974, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.177052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.177156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.177257, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.177371, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.177457, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.177537, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.177626, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.177706, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.177832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.177937, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.178021, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.178105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.178189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.178272, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.178355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.178437, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.178521, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.178669, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.179021, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:58.179508, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.179665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.179748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.179867, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.179952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.180037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.180120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.180205, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.180290, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.180374, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.180524, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.180610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.180695, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.180780, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.180865, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.180950, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.181036, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.181156, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:58.182163, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.183013, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.183165, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.183253, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.184143, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.185041, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.185190, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.185313, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:58.186103, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.186957, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.187108, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.187195, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:58.188220, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.189100, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.189266, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.189379, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.190245, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.191093, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.191241, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.191326, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:58.193575, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.194419, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.194583, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.194671, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:58.196143, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.197022, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.197170, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.197301, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:58.198708, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.199553, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.199703, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.199804, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.200698, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.201569, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.201717, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.201803, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.212360, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.213236, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.213399, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.213486, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:58.214991, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.215897, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.216047, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.216134, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.217038, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.217911, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.218059, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.218145, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.219015, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.219886, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.220034, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.220119, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.221088, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.221908, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.222059, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.222141, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.222230, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:58.222311, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:58.222778, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.223286, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.223370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.223456, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.223537, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.223620, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.223699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.223821, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.223925, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.224013, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 8A 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.224267, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018a-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.224654, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018a-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.225749, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.225905, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.225987, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.226071, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.226151, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.226235, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.226314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.226428, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.226530, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.226635, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.226720, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.226799, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.226883, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.226961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.227066, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.227166, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.227249, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.227334, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.227413, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.227497, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.227576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.227677, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.227778, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.227860, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.227944, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.228024, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.228109, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.228187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.228310, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.228437, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.228523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.228603, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.228691, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.228770, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.228878, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.228960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:58.229045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.229125, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.229213, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.229307, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.229411, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.229513, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.229595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:58.229680, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.229760, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.229848, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.229927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.230052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.230156, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.230240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:58.230324, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:58.230407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.230490, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.230572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.230654, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.230738, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 8B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.230887, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018b-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.231243, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018b-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.232016, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.232168, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.232265, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.232347, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.232516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.232629, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.232714, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.232798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.232881, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.232966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.233050, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.233133, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.233218, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.233340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.233426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.233511, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.233747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.233835, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.233922, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:58.234407, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018b-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.235221, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.235371, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.235453, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.235542, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.245774, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018b-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.246060, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.246210, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.246358, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.246444, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.246528, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.246865, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018a-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.247144, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.247296, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8A 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.247460, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.247542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.247624, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.247964, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000189-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.248243, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.248421, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 89 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.248574, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.248663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.248747, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.249082, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000188-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.249375, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 88 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.249522, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 88 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.249682, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.249765, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.249871, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.250207, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.250430, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:58.262123, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.262252, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.262341, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.262845, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:58.262928, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:58.263013, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.263096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:58.263195, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:58.281697, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2013/11/07 14:24:58.281782, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK [2013/11/07 14:24:58.281870, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW [2013/11/07 14:24:58.281955, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.282042, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/221/127 [2013/11/07 14:24:58.282273, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.282376, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 221 (position 221) from bitmap [2013/11/07 14:24:58.282461, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 221 [2013/11/07 14:24:58.282566, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.282659, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 221, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.282742, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 509269133 [2013/11/07 14:24:58.282831, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:58.282913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:58.282994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:58.283075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.283158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.283237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:58.283316, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:58.283399, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.283495, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:58.283574, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:58.283658, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.283749, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:58.285818, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:58.285903, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:58.286001, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:58.286082, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:58.286167, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:58.286250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 17 for pipe \spoolss [2013/11/07 14:24:58.286352, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:58.287531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.288014, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:58.288101, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/222/127 [2013/11/07 14:24:58.288268, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.288355, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 222 (position 222) from bitmap [2013/11/07 14:24:58.288483, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 222 [2013/11/07 14:24:58.288579, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.288669, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:58.288763, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.288844, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:58.288930, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 4B307A49 [2013/11/07 14:24:58.289025, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb82df1f0 [2013/11/07 14:24:58.289194, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:58.289242, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '4B307A49' stored [2013/11/07 14:24:58.289351, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x4b307a49 (1261468233) open_persistent_id : 0x000000004b307a49 (1261468233) open_volatile_id : 0x00000000b73710b4 (3073839284) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:58 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:58.290355, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 4B307A49 [2013/11/07 14:24:58.290441, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.290521, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:58.290605, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:58.290650, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x4b307a49) stored [2013/11/07 14:24:58.290745, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0xb73710b4 (3073839284) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x4b307a49 (1261468233) open_persistent_id : 0x000000004b307a49 (1261468233) open_volatile_id : 0x00000000b73710b4 (3073839284) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:58 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:58 2013 CET compat : NULL [2013/11/07 14:24:58.292062, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 3073839284 (4 used) [2013/11/07 14:24:58.292152, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:58.292261, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:58.292351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 18 for pipe \spoolss [2013/11/07 14:24:58.292531, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:58.292616, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:58.292716, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 3073839284 [2013/11/07 14:24:58.292821, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:58.292908, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/223/127 [2013/11/07 14:24:58.294612, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.295012, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 223 (position 223) from bitmap [2013/11/07 14:24:58.295229, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 223 [2013/11/07 14:24:58.295533, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.295753, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 223, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.295959, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 509269133 [2013/11/07 14:24:58.296179, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.296457, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:58.296683, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.297916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:58.298126, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:58.298340, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/224/127 [2013/11/07 14:24:58.298748, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.298960, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 224 (position 224) from bitmap [2013/11/07 14:24:58.299166, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 224 [2013/11/07 14:24:58.299395, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.299605, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 224, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.299924, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 3764318751 [2013/11/07 14:24:58.300150, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 3112 [2013/11/07 14:24:58.300358, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2013/11/07 14:24:58.300649, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.301924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. There is more data outstanding [2013/11/07 14:24:58.302134, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:58.302365, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/225/127 [2013/11/07 14:24:58.302776, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.303004, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 225 (position 225) from bitmap [2013/11/07 14:24:58.303211, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 225 [2013/11/07 14:24:58.303442, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.303655, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 225, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.303860, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 3073839284 [2013/11/07 14:24:58.304150, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:58.304355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:58.304624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:58.304827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.305032, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.305270, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:58.305422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:58.305505, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.305584, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:58.305663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:58.305747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.305871, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:58.307967, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:58.308051, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:58.308142, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:58.308223, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:58.308307, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:58.308414, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 19 for pipe \spoolss [2013/11/07 14:24:58.308529, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:58.309726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.310209, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:58.310310, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/226/127 [2013/11/07 14:24:58.310477, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.310563, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 226 (position 226) from bitmap [2013/11/07 14:24:58.310645, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 226 [2013/11/07 14:24:58.310740, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.310826, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 226, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.310908, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 509269133 [2013/11/07 14:24:58.310994, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:24:58.311075, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:24:58.311156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:24:58.311235, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:24:58.311316, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.311397, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.311476, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:58.311554, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:24:58.311637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.311751, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:58.311830, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:24:58.311912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.312018, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:24:58.313666, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.313748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.313832, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.313924, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.314008, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.314490, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.314836, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.314921, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:58.315020, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:58.315117, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:58.316379, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:58.316524, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 8C 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.316675, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:58.316793, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:58.316948, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:58.317065, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 3 printer handles active [2013/11/07 14:24:58.317148, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.317327, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8C 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.317492, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:58.317598, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:58.317816, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:58.317973, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.318063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.318145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.318273, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.318379, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.318886, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.318971, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.319058, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.319140, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.319220, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.319299, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.319537, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.319623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.319710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.319790, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.319890, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.319970, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.320096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.320199, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.320285, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 8D 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.320494, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018d-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.320852, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018d-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.321870, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8D 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.322026, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.322108, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.322192, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.322286, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.322370, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.322449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.322562, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.322666, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.322749, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.322832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.322912, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.322995, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.323074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.323181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.323281, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.323364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.323448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.323527, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.323610, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.323689, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.323791, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.323892, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.323973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.324060, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.324153, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.324238, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.324317, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.324476, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.324562, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.324649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.324730, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.324818, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.324897, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.325006, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.325088, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.325174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.325332, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.325422, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.325501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.325609, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.325713, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.325795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.325881, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.325976, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.326064, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.326143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.326270, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.326375, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.326461, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.326545, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.326628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.326711, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.326795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.326878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.326963, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 8E 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.327114, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018e-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.327470, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018e-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.328252, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8E 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.328458, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.328544, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.328627, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.328710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.328830, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.328915, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.328998, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.329082, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.329166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.329251, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.329363, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.329449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.329533, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.329618, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.329703, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.329803, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.329888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.329975, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:58.330434, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018e-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.331242, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8E 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.331393, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.331475, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.331563, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.342085, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018e-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.342375, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8E 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.342528, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8E 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.342679, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.342766, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.342850, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.343187, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018d-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.343480, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8D 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.343634, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8D 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.343786, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.343868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.343970, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.344303, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.344446, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:58.344531, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.344611, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.344691, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.344771, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.344851, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.344931, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.345013, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:58.345097, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:58.345248, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.345351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.345449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.345578, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.345679, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.346182, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.346267, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.346354, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.346436, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.346516, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.346596, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.346827, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.346911, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.346997, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.347076, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.347159, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.347238, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.347361, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.347462, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.347549, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 8F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.347720, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018f-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.348067, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018f-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.349185, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.349356, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.349440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.349524, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.349604, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.349688, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.349767, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.349880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.349981, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.350064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.350165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.350245, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.350328, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.350407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.350512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.350611, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.350693, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.350779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.350859, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.350943, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.351021, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.351123, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.351224, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.351306, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.351391, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.351471, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.351557, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.351635, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.351759, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.351854, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.351942, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.352022, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.352110, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.352189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.352298, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.352379, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.352520, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.352603, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.352692, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.352772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.352878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.352981, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.353063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.353149, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.353229, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.353344, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.353424, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.353553, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.353674, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.353759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.353843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.353927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.354009, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.354092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.354175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.354260, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 90 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.354410, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000190-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.354750, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:58.354849, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000190-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.355128, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 90 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.355276, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 90 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.355423, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.355505, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.355601, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.355938, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018f-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.356218, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.356370, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 8F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.356562, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.356645, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.356743, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.357075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.357167, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000018c-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.357508, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.357608, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.357695, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.358204, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:24:58.358287, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:58.358372, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.358456, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:58.358552, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 8C 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:58.359481, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:58.359573, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:58.359654, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:58.359741, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:58.359824, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.359909, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/227/127 [2013/11/07 14:24:58.360107, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.360207, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 227 (position 227) from bitmap [2013/11/07 14:24:58.360307, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 227 [2013/11/07 14:24:58.360447, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.360544, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 227, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.360626, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:58.360716, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:58.360797, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:58.360879, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:58.360958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:58.361040, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.361123, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.361202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.361294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:58.361382, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.361462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.361541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:58.361627, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.361718, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:58.380229, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.380316, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.380467, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.380560, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.380644, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.381127, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.381484, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.381570, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:58.381656, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:58.381745, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:58.399623, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[2] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.399777, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[2] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.399924, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:58.400101, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.400208, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.400291, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.400472, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.400590, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.401099, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.401184, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.401272, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.401383, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.401463, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.401542, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.401786, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.401870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.401957, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.402037, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.402120, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.402200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.402326, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.402428, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.402530, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 91 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.402689, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000191-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.403049, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000191-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.404047, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 91 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.404202, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.404284, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.404369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.404560, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.404646, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.404725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.404840, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.404942, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.405040, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.405125, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.405204, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.405301, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.405381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.405486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.405586, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.405669, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.405755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.405835, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.405919, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.405998, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.406100, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.406201, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.406283, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.406369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.406449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.406534, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.406613, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.406736, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.406832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.406918, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.406999, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.407087, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.407166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.407274, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.407356, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.407442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.407523, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.407611, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.407690, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.407795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.407897, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.407980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.408065, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.408146, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.408234, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.408312, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.408489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.408597, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.408683, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.408766, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.408850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.408933, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.409015, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.409098, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.409182, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.409345, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.409698, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:58.410172, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.410329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.410413, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.410547, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.410633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.410717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.410800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.410885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.410969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.411053, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.411138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.411223, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.411308, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.411392, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.411478, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.411562, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.411648, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.411753, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:58.412791, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.413675, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.413825, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.413917, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.414786, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.415645, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.415797, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.415884, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:58.416772, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.417632, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.417784, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.417885, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:58.418914, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.419760, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.419912, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.419999, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.420912, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.421769, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.421918, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.422005, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:58.424213, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.425092, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.425241, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.425359, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:58.426934, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.427786, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.427935, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.428023, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:58.429497, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.430352, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.430502, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.430589, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.431484, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.432328, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.432507, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.432595, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.443199, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.444056, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.444207, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.444295, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:58.445849, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.446700, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.446849, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.446935, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.447809, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.448703, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.448852, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.448938, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.449841, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.450702, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.450851, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.450938, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.451854, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.452656, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.452806, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.452888, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.452977, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:58.453072, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:58.453545, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.454051, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.454135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.454220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.454300, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.454383, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.454462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.454581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.454684, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.454772, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 93 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.454925, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000193-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.455269, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000193-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.456283, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 93 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.456466, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.456548, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.456632, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.456711, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.456795, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.456874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.456984, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.457084, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.457166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.457250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.457341, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.457426, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.457505, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.457623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.457724, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.457806, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.457890, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.457969, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.458054, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.458133, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.458234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.458335, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.458434, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.458519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.458614, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.458701, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.458780, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.458920, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.459003, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.459088, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.459169, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.459256, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.459335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.459459, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.459542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:58.459627, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.459708, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.459796, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.459875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.459981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.460085, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.460167, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:58.460253, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.460333, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.460454, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.460534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.460648, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.460751, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.460836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:58.460920, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:58.461004, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.461100, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.461182, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.461266, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.461372, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 94 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.461522, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000194-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.461878, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000194-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.462649, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 94 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.462797, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.462879, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.462961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.463044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.463152, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.463250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.463334, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.463417, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.463502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.463586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.463670, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.463754, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.463839, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.463924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.464009, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.464094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.464179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.464266, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:58.464747, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000194-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.465582, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 94 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.465731, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.465812, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.465900, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.476184, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000194-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.476496, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 94 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.476646, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 94 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.476793, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.476880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.476963, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.477308, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000193-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.477588, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 93 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.477740, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 93 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.477891, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.477973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.478055, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.478393, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000192-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.478685, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.478833, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 92 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.478980, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.479067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.479151, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.479484, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000191-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.479761, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 91 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.479909, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 91 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.480055, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.480137, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.480242, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.480694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.480925, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:58.492413, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.492540, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.492628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.493130, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:58.493214, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:58.493310, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:58.493394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:58.493492, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:58.511954, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:58.512073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:58.512156, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:58.512244, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:58.512327, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.512455, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/228/127 [2013/11/07 14:24:58.512711, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.512803, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 228 (position 228) from bitmap [2013/11/07 14:24:58.512888, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 228 [2013/11/07 14:24:58.512993, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.513086, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 228, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.513168, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 3073839284 [2013/11/07 14:24:58.513259, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.513358, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:58.513443, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.513978, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:58.514063, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:58.514147, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/229/127 [2013/11/07 14:24:58.514334, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.514424, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 229 (position 229) from bitmap [2013/11/07 14:24:58.514506, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 229 [2013/11/07 14:24:58.514599, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.514708, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:58.514802, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.514883, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:58.514969, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key BF5E0B1C [2013/11/07 14:24:58.515062, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb8230c88 [2013/11/07 14:24:58.515213, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:58.515260, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key 'BF5E0B1C' stored [2013/11/07 14:24:58.515342, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xbf5e0b1c (3210611484) open_persistent_id : 0x00000000bf5e0b1c (3210611484) open_volatile_id : 0x0000000024cca6c9 (617391817) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:59 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:58.516476, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key BF5E0B1C [2013/11/07 14:24:58.516563, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.516644, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:58.516727, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:58.516772, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0xbf5e0b1c) stored [2013/11/07 14:24:58.516852, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x24cca6c9 (617391817) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xbf5e0b1c (3210611484) open_persistent_id : 0x00000000bf5e0b1c (3210611484) open_volatile_id : 0x0000000024cca6c9 (617391817) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:59 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:59 2013 CET compat : NULL [2013/11/07 14:24:58.518207, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 617391817 (5 used) [2013/11/07 14:24:58.518300, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:58.518409, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:58.518500, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 20 for pipe \spoolss [2013/11/07 14:24:58.518652, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:58.518738, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:58.518838, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 617391817 [2013/11/07 14:24:58.518942, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:58.519028, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/230/127 [2013/11/07 14:24:58.519205, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.519291, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 230 (position 230) from bitmap [2013/11/07 14:24:58.519391, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 230 [2013/11/07 14:24:58.519487, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.519575, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 230, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.519658, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3073839284 [2013/11/07 14:24:58.519745, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:24:58.519827, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:24:58.519909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:24:58.519990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:24:58.520072, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.520155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.520235, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:58.520314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:24:58.520430, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.520514, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:58.520594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:24:58.520678, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.520768, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:24:58.522483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.522565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.522651, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.522742, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.522826, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.523309, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.523652, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.523737, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:58.523851, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:58.523945, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:58.525262, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:58.525374, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 95 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.525529, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:58.525647, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:58.525859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:58.525978, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 4 printer handles active [2013/11/07 14:24:58.526060, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 95 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.526212, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 95 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.526362, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:58.526464, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:58.526674, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:58.526844, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.526934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.527017, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.527135, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.527240, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.527746, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.527832, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.527919, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.528001, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.528081, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.528161, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.528439, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.528530, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.528617, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.528697, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.528781, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.528860, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.528986, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.529104, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.529191, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 96 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.529360, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000196-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.529716, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000196-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.530724, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 96 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.530879, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.530961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.531045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.531125, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.531209, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.531288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.531399, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.531514, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.531597, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.531681, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.531761, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.531845, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.531924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.532029, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.532128, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.532210, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.532294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.532374, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.532499, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.532579, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.532681, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.532783, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.532866, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.532951, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.533030, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.533115, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.533194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.533370, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.533454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.533538, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.533619, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.533707, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.533786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.533894, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.533976, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.534063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.534143, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.534231, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.534457, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.534566, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.534670, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.534752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.534838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.534920, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.535010, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.535104, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.535231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.535335, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.535420, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.535504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.535588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.535671, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.535754, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.535837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.535921, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 97 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.536071, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000197-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.536467, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000197-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.537243, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 97 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.537428, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.537510, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.537593, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.537677, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.537796, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.537881, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.537965, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.538049, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.538133, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.538217, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.538301, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.538385, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.538470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.538554, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.538639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.538724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.538809, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.538909, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:58.539358, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000197-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.540164, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 97 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.540313, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.540426, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.540519, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.550685, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000197-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.550969, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 97 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.551120, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 97 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.551270, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.551356, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.551440, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.551776, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000196-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.552055, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 96 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.552220, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 96 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.552370, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.552479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.552579, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.552913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.553004, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:58.553085, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.553165, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.553245, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.553337, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.553417, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.553497, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.553579, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:58.553663, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:58.553810, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.553902, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.553985, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.554115, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.554215, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.554729, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.554813, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.554901, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.554983, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.555063, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.555142, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.555364, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.555447, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.555532, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.555612, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.555693, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.555773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.555892, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.555993, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.556080, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 98 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.556231, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000198-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.556659, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000198-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.557696, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 98 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.557857, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.557941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.558025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.558104, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.558188, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.558269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.558381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.558482, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.558564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.558648, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.558727, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.558810, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.558903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.559008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.559107, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.559190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.559275, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.559354, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.559438, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.559517, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.559619, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.559719, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.559800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.559887, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.559966, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.560051, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.560130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.560252, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.560335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.560532, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.560615, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.560716, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.560795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.560905, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.560987, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.561072, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.561154, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.561243, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.561338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.561444, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.561546, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.561628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.561715, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.561796, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.561883, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.561962, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.562087, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.562190, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.562274, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.562370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.562454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.562537, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.562621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.562703, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.562788, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 99 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.562937, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000199-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.563276, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:58.563373, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000199-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.563653, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 99 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.563800, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 99 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.563947, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.564028, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.564110, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.564480, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000198-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.564773, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 98 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.564924, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 98 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.565074, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.565155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.565252, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.565599, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.565689, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000195-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.566016, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.566114, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.566201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.566695, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:24:58.566778, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:58.566863, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.566961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:58.567056, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 95 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:58.567992, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:58.568084, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:58.568166, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:58.568253, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:58.568336, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.568474, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/231/127 [2013/11/07 14:24:58.568661, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.568761, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 231 (position 231) from bitmap [2013/11/07 14:24:58.568845, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 231 [2013/11/07 14:24:58.568948, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.569040, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 231, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.569139, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 617391817 [2013/11/07 14:24:58.569227, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:58.569338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:58.569420, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:58.569501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.569583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.569662, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:58.569742, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:58.569825, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.569904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:58.569983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:58.570067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.570157, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:58.572189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:58.572274, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:58.572357, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:58.572483, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:58.572568, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:58.572651, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 21 for pipe \spoolss [2013/11/07 14:24:58.572751, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:58.573962, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.574445, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:58.574531, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/232/127 [2013/11/07 14:24:58.574705, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.574793, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 232 (position 232) from bitmap [2013/11/07 14:24:58.574875, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 232 [2013/11/07 14:24:58.574970, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.575057, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 232, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.575140, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:58.575227, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:58.575308, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:58.575390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:58.575470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:58.575552, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.575634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.575767, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.575933, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:58.576021, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.576101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.576180, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:58.576264, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.576353, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:58.595455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.595539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.595630, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.595719, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.595802, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.596286, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.596654, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.596754, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:58.596840, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:58.596928, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:58.614740, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[3] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.614895, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[3] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.615045, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:58.615208, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.615302, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.615385, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.615517, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.615628, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.616136, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.616221, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.616308, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.616472, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.616558, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.616654, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.616895, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.616978, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.617065, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.617144, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.617228, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.617338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.617469, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.617572, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.617660, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 9A 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.617812, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019a-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.618172, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019a-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.619186, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9A 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.619340, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.619422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.619506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.619585, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.619669, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.619748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.619858, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.619959, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.620042, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.620126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.620206, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.620289, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.620368, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.620587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.620690, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.620773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.620858, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.620938, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.621023, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.621116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.621219, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.621337, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.621420, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.621505, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.621584, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.621670, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.621749, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.621874, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.621957, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.622042, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.622123, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.622211, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.622290, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.622398, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.622480, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.622567, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.622648, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.622736, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.622829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.622934, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.623036, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.623119, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.623204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.623286, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.623376, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.623455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.623581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.623684, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.623770, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.623854, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.623937, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.624021, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.624103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.624186, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.624271, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.624459, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.624825, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:58.625311, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.625467, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.625551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.625670, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.625755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.625839, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.625981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.626068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.626152, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.626237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.626322, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.626408, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.626493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.626594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.626679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.626764, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.626851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.626957, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:58.627937, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.628824, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.628977, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.629080, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.629997, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.630842, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.630991, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.631078, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:58.631885, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.632761, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.632909, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.632996, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:58.634030, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.635035, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.635186, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.635274, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.636144, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.637026, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.637176, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.637293, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:58.639496, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.640429, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.640582, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.640672, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:58.642197, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.643059, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.643208, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.643295, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:58.644737, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.645612, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.645761, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.645848, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.646713, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.647564, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.647714, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.647801, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.658314, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.659175, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.659323, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.659412, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:58.660915, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.661800, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.661950, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.662036, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.662906, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.663843, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.663993, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.664080, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.664993, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.665872, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.666024, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.666115, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.667029, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.667814, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.667963, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.668046, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.668134, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:58.668215, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:58.668706, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.669214, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.669316, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.669402, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.669483, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.676551, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.676829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.677148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.677477, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.677699, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 9C 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.678089, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019c-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.678987, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019c-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.681604, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9C 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.681996, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.682201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.682412, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.682610, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.682862, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.683060, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.683339, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.683588, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.683792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.684002, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.684199, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.684462, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.684668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.684933, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.685181, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.685414, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.685626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.685825, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.686033, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.686248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.686507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.686758, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.686963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.687174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.687406, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.687618, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.688143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.688533, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.688748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.688960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.689162, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.689462, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.689649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.689762, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.689844, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:58.689929, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.690010, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.690097, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.690176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.690280, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.690405, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.690491, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:58.690583, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.690696, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.690784, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.690862, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.691017, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.691140, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.691227, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:58.691310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:58.691394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.691477, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.691559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.691642, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.691726, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 9D 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.691877, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019d-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.692236, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019d-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.693055, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9D 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.693203, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.693298, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.693381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.693464, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.693571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.693655, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.693739, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.693822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.693906, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.693990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.694074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.694158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.694243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.694327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.694412, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.694510, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.694594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.694681, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:58.695135, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019d-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.695940, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9D 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.696087, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.696169, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.696255, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.706487, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019d-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.706769, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9D 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.706917, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9D 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.707063, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.707149, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.707232, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.707564, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019c-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.707856, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9C 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.708008, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9C 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.708157, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.708238, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.708320, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.708686, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019b-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.708965, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.709115, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9B 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.709264, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.709367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.709450, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.709785, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019a-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.710204, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9A 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.710355, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9A 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.710503, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.710586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.710693, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.711133, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.711354, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:58.722872, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.722998, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.723087, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.723587, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:58.723672, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:58.723757, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:58.723841, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:58.723938, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:58.743027, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:58.743150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:58.743235, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:58.743323, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:58.743407, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.743493, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/233/127 [2013/11/07 14:24:58.743767, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.743873, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 233 (position 233) from bitmap [2013/11/07 14:24:58.743958, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 233 [2013/11/07 14:24:58.744063, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.744157, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 233, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.744240, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 617391817 [2013/11/07 14:24:58.744330, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.744448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:58.744535, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.745089, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:58.745175, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:58.745259, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/234/127 [2013/11/07 14:24:58.745434, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.745519, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 234 (position 234) from bitmap [2013/11/07 14:24:58.745601, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 234 [2013/11/07 14:24:58.745695, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.745782, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 234, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.745864, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3073839284 [2013/11/07 14:24:58.745951, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:24:58.746033, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:24:58.746115, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:24:58.746196, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:24:58.746277, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.746360, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.746441, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:58.746521, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:24:58.746605, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.746700, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:24:58.746780, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:24:58.746864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.746953, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 95 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.748045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.748127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.748211, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.748302, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.748413, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.748899, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.749241, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.749384, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:24:58.749487, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:24:58.749572, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000195-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.749854, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 95 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.750007, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 95 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.750157, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 95 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.750306, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.750388, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.750710, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.750803, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.750887, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.751369, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:24:58.751451, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:58.751535, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.751618, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:58.751725, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:24:58.752714, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:24:58.752815, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:58.752896, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:58.752981, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:58.753064, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.753148, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/235/127 [2013/11/07 14:24:58.753384, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.753482, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 235 (position 235) from bitmap [2013/11/07 14:24:58.753565, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 235 [2013/11/07 14:24:58.753661, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.753752, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:58.753846, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.753927, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:58.754031, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key DCB666EF [2013/11/07 14:24:58.754124, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb839a8a0 [2013/11/07 14:24:58.754242, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:58.754297, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key 'DCB666EF' stored [2013/11/07 14:24:58.754380, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xdcb666ef (3702941423) open_persistent_id : 0x00000000dcb666ef (3702941423) open_volatile_id : 0x000000002bdf132c (736039724) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:59 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:58.755382, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key DCB666EF [2013/11/07 14:24:58.755467, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.755547, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:58.755630, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:58.755675, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0xdcb666ef) stored [2013/11/07 14:24:58.755755, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x2bdf132c (736039724) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xdcb666ef (3702941423) open_persistent_id : 0x00000000dcb666ef (3702941423) open_volatile_id : 0x000000002bdf132c (736039724) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:24:59 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:24:59 2013 CET compat : NULL [2013/11/07 14:24:58.757136, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 736039724 (6 used) [2013/11/07 14:24:58.757228, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:58.757352, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:58.757443, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 22 for pipe \spoolss [2013/11/07 14:24:58.757593, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:58.757678, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:58.757779, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 736039724 [2013/11/07 14:24:58.757882, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:58.757968, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/236/127 [2013/11/07 14:24:58.758144, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.758231, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 236 (position 236) from bitmap [2013/11/07 14:24:58.758314, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 236 [2013/11/07 14:24:58.758409, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.758519, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 236, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.758601, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:58.758688, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:58.758769, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:58.758851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:58.758931, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:58.759012, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.759094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.759174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.759253, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:58.759338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.759418, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.759497, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:58.759581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.759670, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:58.778311, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.778398, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.778489, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.778577, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.778661, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.779143, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.779487, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.779572, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:58.779658, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:58.779746, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:58.797722, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[2] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.797877, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[2] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.798024, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:58.798206, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.798302, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.798385, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.798562, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.798691, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.799212, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.799297, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.799386, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.799468, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.799548, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.799628, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.799881, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.799967, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.800054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.800135, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.800219, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.800300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.800554, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.800666, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.800755, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 9E 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.800908, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019e-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.801304, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019e-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.802304, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9E 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.802459, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.802541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.802626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.802705, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.802790, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.802871, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.802985, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.803087, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.803169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.803268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.803347, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.803431, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.803510, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.803618, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.803719, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.803801, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.803885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.803965, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.804049, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.804127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.804230, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.804330, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.804453, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.804540, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.804620, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.804706, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.804784, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.804910, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.804994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.805100, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.805181, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.805269, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.805360, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.805468, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.805550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.805635, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.805716, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.805806, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.805885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.805990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.806092, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.806174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.806260, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.806340, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.806428, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.806506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.806632, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.806750, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.806836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.806919, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.807003, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.807085, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.807168, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.807252, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.807336, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.807486, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.807836, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:58.808306, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.808498, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.808582, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.808701, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.808800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.808885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.808968, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.809052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.809136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.809220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.809331, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.809417, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.809503, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.809588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.809673, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.809758, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.809847, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.809954, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:58.810949, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.811796, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.811945, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.812032, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.813088, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.814017, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.814166, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.814259, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:58.815055, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.815898, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.816046, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.816132, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:58.817273, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.818130, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.818278, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.818365, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.819250, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.820091, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.820239, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.820326, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:58.822660, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.823508, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.823657, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.823744, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:58.825288, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.826134, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.826282, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.826369, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:58.827846, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.828721, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.828869, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.828956, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.829838, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.830704, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.830852, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.830938, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.841491, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.842341, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.842493, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.842582, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:58.844070, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.844943, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.845091, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.845177, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.846079, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.847004, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.847153, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.847246, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.848122, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:58.849036, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.849199, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.849297, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:58.850213, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.850982, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.851131, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.851213, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.851301, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:58.851382, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:58.851855, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.852357, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.852468, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.852554, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.852634, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.852718, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.852796, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.852917, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.853021, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.853109, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 A0 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.853262, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a0-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.853618, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a0-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.854632, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A0 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.854787, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.854868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.854952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.855031, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.855115, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.855193, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.855303, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.855403, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.855485, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.855569, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.855648, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.855731, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.855811, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.855917, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.856018, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.856114, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.856198, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.856278, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.856362, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.856471, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.856576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.856677, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.856758, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.856844, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.856924, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.857010, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.857089, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.857243, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.857362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.857449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.857529, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.857617, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.857696, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.857810, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.857906, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:58.857992, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.858072, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.858160, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.858239, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.858344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.858447, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.858528, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:58.858614, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.858694, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.858781, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.858859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.858972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.859074, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.859158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:58.859240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:58.859324, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.859406, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.859488, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.859585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.859669, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 A1 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.859819, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a1-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.860169, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a1-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.860973, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A1 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.861122, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.861203, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.861296, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.861380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.861488, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.861572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.861669, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.861754, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.861838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.861922, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.862006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.862090, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.862176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.862260, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.862345, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.862431, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.862516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.862603, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:58.863053, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a1-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.863879, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A1 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.864030, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.864111, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.864199, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.874490, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a1-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.874786, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A1 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.874935, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A1 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.875081, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.875168, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.875250, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.875585, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a0-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.875865, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A0 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.876015, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A0 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.876164, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.876246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.876328, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.876694, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019f-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.877064, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.877215, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9F 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.877377, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.877465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.877548, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.877885, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000019e-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.878163, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9E 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.878314, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 9E 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.878465, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.878547, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.878651, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.878989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.879200, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:58.890592, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.890728, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.890817, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.891321, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:58.891406, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:58.891491, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:58.891574, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:58.891671, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:58.909926, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:58.910041, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:58.910124, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:58.910213, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:58.910298, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.910385, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/237/127 [2013/11/07 14:24:58.910652, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.910758, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 237 (position 237) from bitmap [2013/11/07 14:24:58.910844, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 237 [2013/11/07 14:24:58.910949, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.911043, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 237, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.911126, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 617391817 [2013/11/07 14:24:58.911215, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:24:58.911296, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:24:58.911378, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:24:58.911459, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:24:58.911541, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.911623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.911703, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:58.911783, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:24:58.911866, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.911945, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:58.912025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:24:58.912109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.912198, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:24:58.913948, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.914031, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.914116, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.914207, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.914290, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.914773, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.915115, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.915200, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:58.915287, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:58.915382, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:58.916640, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:58.916730, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 A2 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.916938, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:58.917059, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:58.917212, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:58.917359, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 4 printer handles active [2013/11/07 14:24:58.917442, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A2 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.917594, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A2 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.917743, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:58.917864, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:58.918082, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:58.918240, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.918333, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.918416, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.918547, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.918652, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.919157, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.919241, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.919329, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.919410, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.919489, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.919568, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.919806, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.919891, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.919976, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.920056, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.920140, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.920221, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.920362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.920515, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.920602, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 A3 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.920754, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a3-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.921107, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a3-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.922123, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A3 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.922373, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.922455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.922539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.922619, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.922703, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.922797, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.922913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.923014, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.923097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.923180, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.923259, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.923343, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.923422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.923528, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.923627, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.923710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.923793, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.923872, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.923956, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.924035, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.924138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.924238, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.924319, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.924441, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.924525, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.924624, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.924703, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.924828, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.924911, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.924996, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.925076, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.925163, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.925241, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.925360, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.925442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.925527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.925608, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.925697, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.925776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.925881, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.925982, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.926064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.926150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.926230, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.926331, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.926409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.926534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.926638, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.926722, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.926806, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.926954, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.927038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.927120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.927202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.927286, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 A4 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.927437, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a4-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.927792, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a4-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.928637, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A4 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.928789, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.928871, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.928954, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:58.929037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.929156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:58.929240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:58.929357, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:58.929441, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:58.929524, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:58.929608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:58.929692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:58.929776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:58.929860, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:58.929945, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:58.930029, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:58.930114, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:58.930212, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:58.930299, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:58.930756, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a4-0000-0000-7b52-aa947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:58.931560, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A4 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.931708, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.931789, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:58.931876, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:58.942357, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a4-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.942644, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A4 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.942793, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A4 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.942939, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.943025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.943108, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.943444, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a3-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.943734, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A3 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.943882, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A3 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.944027, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.944108, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.944208, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.944595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.944685, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:58.944767, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.944846, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.944926, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.945005, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.945084, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.945163, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:58.945245, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:58.945340, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:58.945488, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:58.945579, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:58.945662, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:58.945801, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:58.945901, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.946400, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:58.946483, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.946570, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:58.946651, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:58.946731, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:58.946810, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:58.947033, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.947117, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:58.947201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:58.947280, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:58.947363, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.947443, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:58.947565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:58.947665, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.947751, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 A5 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.947901, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a5-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.948270, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a5-0000-0000-7b52-aa947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:58.949334, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A5 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.949489, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:58.949571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:58.949654, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:58.949733, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:58.949815, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.949894, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:58.950005, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:58.950105, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:58.950188, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:58.950272, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.950363, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.950447, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.950525, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.950630, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:58.950729, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:58.950811, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:58.950895, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.950973, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.951056, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.951135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.951237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:58.951337, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:58.951418, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:58.951503, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.951582, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.951667, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.951745, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:58.951867, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:58.951948, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:58.952033, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.952127, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.952214, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.952293, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:58.952431, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:58.952516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:58.952601, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.952681, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.952769, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.952847, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.952951, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:58.953053, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:58.953135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:58.953220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.953326, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.953415, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:58.953494, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.953624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:58.953728, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:58.953826, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:58.953910, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:58.953993, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:58.954075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:58.954158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:58.954240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:58.954324, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 A6 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.954473, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a6-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.954806, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:58.954903, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a6-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.955182, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A6 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.955329, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A6 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.955474, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.955556, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:58.955637, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.955984, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a5-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:24:58.956262, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A5 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.956451, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A5 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:58.956600, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:58.956681, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:58.956776, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:58.957107, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:58.957198, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a2-0000-0000-7b52-aa947f2c0000 result : WERR_OK [2013/11/07 14:24:58.957535, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:58.957634, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:58.957721, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:58.958211, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:24:58.958307, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:58.958392, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:58.958475, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:58.958569, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 A2 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:58.959498, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:58.959588, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:58.959669, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:58.959755, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:58.959837, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:58.959923, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/238/127 [2013/11/07 14:24:58.960149, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.960238, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 238 (position 238) from bitmap [2013/11/07 14:24:58.960323, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 238 [2013/11/07 14:24:58.960468, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.960578, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 3073839284 [2013/11/07 14:24:58.960671, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.960752, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:58.960838, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 4B307A49 [2013/11/07 14:24:58.960928, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7afbca8 [2013/11/07 14:24:58.961021, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 4B307A49 [2013/11/07 14:24:58.961103, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:58.961182, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:58.961295, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 3073839284 (5 used) [2013/11/07 14:24:58.961402, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:24:58.961487, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/239/127 [2013/11/07 14:24:58.961653, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:58.961738, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 239 (position 239) from bitmap [2013/11/07 14:24:58.961827, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 239 [2013/11/07 14:24:58.961920, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:58.962006, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 239, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:58.962087, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:58.962175, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:58.962255, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:58.962390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:58.962470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:58.962568, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:58.962650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:58.962729, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.962808, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:58.962894, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:58.962973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:58.963052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:58.963137, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:58.963228, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:58.981852, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:58.981939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:58.982032, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.982121, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:58.982204, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:58.982701, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:58.983040, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:58.983126, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:58.983211, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:58.983299, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:59.000317, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[3] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.000499, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[3] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.000647, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:59.000813, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:59.000907, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:59.000990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:59.001131, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:59.001247, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.001779, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.001882, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.001971, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:59.002052, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.002132, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:59.002212, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:59.002462, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.002546, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:59.002631, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.002712, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.002795, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.002875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.003002, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.003105, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.003192, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 A7 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.003348, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a7-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.003709, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a7-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.004783, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A7 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.004939, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.005022, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:59.005108, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.005188, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.005283, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.005363, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.005477, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.005579, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.005661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.005745, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.005825, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.005909, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.005987, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.006092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.006193, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.006289, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.006375, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.006455, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.006539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.006618, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.006721, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.006823, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.006904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.006991, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.007071, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.007156, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.007235, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.007360, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.007443, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.007529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.007609, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.007698, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.007776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.007884, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.007967, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.008066, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.008147, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.008236, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.008315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.008451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.008557, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.008639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.008726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.008807, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.008894, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.008973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.009099, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.009201, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.009297, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.009381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.009465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.009547, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.009631, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.009728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.009813, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.009962, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.010310, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:59.010780, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.010936, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.011019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.011139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.011224, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.011307, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.011391, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.011475, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.011560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.011644, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.011743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.011828, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.011912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.011998, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.012083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.012168, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.012254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.012358, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:59.013398, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.014259, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.014411, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.014499, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.015371, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.016210, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.016359, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.016498, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:59.017373, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.018328, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.018482, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.018574, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:59.019617, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.020500, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.020651, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.020738, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.021614, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.022470, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.022619, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.022705, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:59.024925, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.025798, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.025950, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.026041, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.027595, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.028480, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.028628, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.028715, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:59.030122, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.030981, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.031129, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.031216, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.032076, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.032950, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.033115, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.033201, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.043818, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.044716, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.044865, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.044954, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.046454, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.047310, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.047458, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.047545, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.048434, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.049301, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.049463, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.049553, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.050422, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.051262, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.051412, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.051498, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.052452, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.053225, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.053385, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.053467, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.053554, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:59.053635, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:59.054092, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.054593, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.054690, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.054776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.054856, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.054940, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.055019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.055139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.055243, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.055330, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 A9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.055483, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a9-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.055825, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a9-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.056856, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.057025, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.057108, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.057191, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.057283, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.057368, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.057447, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.057558, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.057657, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.057739, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.057823, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.057902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.057986, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.058065, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.058169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.058268, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.058351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.058435, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.058515, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.058598, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.058677, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.058791, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.058892, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.058974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.059058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.059138, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.059223, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.059301, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.059424, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.059507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.059592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.059671, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.059759, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.059838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.059945, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.060027, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:59.060112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.060192, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.060281, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.060360, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.060492, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.060609, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.060691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:59.060777, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.060858, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.060946, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.061024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.061138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.061241, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.061349, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:59.061433, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:59.061516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.061599, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.061682, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.061764, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.061847, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 AA 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.061996, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001aa-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.062360, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001aa-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.063133, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AA 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.063282, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.063363, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.063445, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.063529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.063636, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.063720, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.063804, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.063888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.063972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.064056, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.064140, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.064238, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.064323, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.064435, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.064523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.064608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.064693, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.064779, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:59.065232, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001aa-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.066051, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AA 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.066199, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.066281, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.066369, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.076639, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001aa-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.076920, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AA 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.077069, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AA 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.077303, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.077391, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.077488, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.077825, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a9-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.078106, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.078254, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.078400, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.078483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.078565, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.078901, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a8-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.079179, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.079326, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.079472, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.079560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:59.079643, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.079990, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a7-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.080269, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A7 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.080448, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A7 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.080598, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.080680, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:59.080785, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.081124, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:59.081344, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:59.092793, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:59.092919, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:59.093007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.093523, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:59.093608, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:59.093709, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:59.093792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:59.093890, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:59.112151, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:59.112269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:59.112351, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:59.112467, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:59.112551, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:59.112639, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/240/127 [2013/11/07 14:24:59.113048, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.113155, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 240 (position 240) from bitmap [2013/11/07 14:24:59.113241, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 240 [2013/11/07 14:24:59.113364, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.113459, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 240, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.113542, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 736039724 [2013/11/07 14:24:59.113651, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:59.113733, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:59.113814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:59.113896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:59.113979, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:59.114058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:59.114137, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:59.114221, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:59.114300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:59.114379, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:59.114463, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:59.114614, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:59.116688, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:59.116774, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:59.116858, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:59.116939, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:59.117024, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:59.117143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 22 for pipe \spoolss [2013/11/07 14:24:59.117326, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:59.118578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.119069, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:59.119158, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/241/127 [2013/11/07 14:24:59.119323, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.119409, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 241 (position 241) from bitmap [2013/11/07 14:24:59.119499, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 241 [2013/11/07 14:24:59.119595, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.119682, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 241, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.119764, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 617391817 [2013/11/07 14:24:59.119852, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 158 [2013/11/07 14:24:59.119933, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 158 [2013/11/07 14:24:59.120015, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 158 [2013/11/07 14:24:59.120094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 158 [2013/11/07 14:24:59.120175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 158, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:59.120257, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:59.120335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 142 [2013/11/07 14:24:59.120448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 142 [2013/11/07 14:24:59.120548, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:59.120627, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 142 [2013/11/07 14:24:59.120706, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 142, incoming data = 142 [2013/11/07 14:24:59.120788, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:59.120875, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x009e (158) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000086 (134) context_id : 0x0000 (0) opnum : 0x0041 (65) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=134 [0000] 00 00 00 00 A2 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 00 00 00 00 00 00 02 00 .,...... ........ [0020] 0F 00 00 00 00 00 00 00 0F 00 00 00 5C 00 5C 00 ........ ....\.\. [0030] 77 00 69 00 6E 00 38 00 2E 00 66 00 66 00 66 00 w.i.n.8. ..f.f.f. [0040] 2E 00 67 00 67 00 67 00 00 00 00 00 A0 43 67 8C ..g.g.g. .....Cg. [0050] 04 00 02 00 02 00 00 00 00 00 00 00 01 00 00 00 ........ ........ [0060] 08 00 02 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 03 00 00 00 0C 00 02 00 03 00 00 00 ........ ........ [0080] 01 00 12 00 14 00 ...... [2013/11/07 14:24:59.122384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:59.122466, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:59.122550, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.122642, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.122726, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:59.123226, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:59.123615, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:59.123701, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x41 - api_rpcTNP: rpc command: SPOOLSS_REMOTEFINDFIRSTPRINTERCHANGENOTIFYEX [2013/11/07 14:24:59.123800, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[65].fn == 0xb7663a20 [2013/11/07 14:24:59.123923, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_RemoteFindFirstPrinterChangeNotifyEx: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx in: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001a2-0000-0000-7b52-aa947f2c0000 flags : 0x00000000 (0) 0: PRINTER_CHANGE_ADD_PRINTER 0: PRINTER_CHANGE_SET_PRINTER 0: PRINTER_CHANGE_DELETE_PRINTER 0: PRINTER_CHANGE_FAILED_CONNECTION_PRINTER 0: PRINTER_CHANGE_ADD_JOB 0: PRINTER_CHANGE_SET_JOB 0: PRINTER_CHANGE_DELETE_JOB 0: PRINTER_CHANGE_WRITE_JOB 0: PRINTER_CHANGE_ADD_FORM 0: PRINTER_CHANGE_SET_FORM 0: PRINTER_CHANGE_DELETE_FORM 0: PRINTER_CHANGE_ADD_PORT 0: PRINTER_CHANGE_CONFIGURE_PORT 0: PRINTER_CHANGE_DELETE_PORT 0: PRINTER_CHANGE_ADD_PRINT_PROCESSOR 0: PRINTER_CHANGE_DELETE_PRINT_PROCESSOR 0: PRINTER_CHANGE_SERVER 0: PRINTER_CHANGE_ADD_PRINTER_DRIVER 0: PRINTER_CHANGE_SET_PRINTER_DRIVER 0: PRINTER_CHANGE_DELETE_PRINTER_DRIVER 0: PRINTER_CHANGE_TIMEOUT options : 0x00000000 (0) local_machine : * local_machine : '\\win8.fff.ggg' printer_local : 0x8c6743a0 (2355577760) notify_options : * notify_options: struct spoolss_NotifyOption version : 0x00000002 (2) flags : 0x00000000 (0) 0: PRINTER_NOTIFY_OPTIONS_REFRESH count : 0x00000001 (1) types : * types: ARRAY(1) types: struct spoolss_NotifyOptionType type : PRINTER_NOTIFY_TYPE (0) u1 : 0x0000 (0) u2 : 0x00000000 (0) u3 : 0x00000000 (0) count : 0x00000003 (3) fields : * fields: ARRAY(3) fields : union spoolss_Field(case 0) field : PRINTER_NOTIFY_FIELD_PRINTER_NAME (1) fields : union spoolss_Field(case 0) field : PRINTER_NOTIFY_FIELD_STATUS (18) fields : union spoolss_Field(case 0) field : PRINTER_NOTIFY_FIELD_CJOBS (20) [2013/11/07 14:24:59.126253, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A2 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.126411, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 A2 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.126557, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:59.126646, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:2699(_spoolss_RemoteFindFirstPrinterChangeNotifyEx) _spoolss_RemoteFindFirstPrinterChangeNotifyEx: remote_address is ipv4:10.200.7.61:51333 [2013/11/07 14:24:59.126771, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:2462(spoolss_connect_to_client) spoolss_connect_to_client: Using address 10.200.7.61 (no name resolution necessary) [2013/11/07 14:24:59.127077, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/util_sock.c:585(open_socket_out_send) Connecting to 10.200.7.61 at port 445 [2013/11/07 14:24:59.129815, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/util/util_net.c:848(print_socket_options) Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 22120 SO_RCVBUF = 87380 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 [2013/11/07 14:24:59.139242, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/libsmb/clientgen.c:124(cli_init_creds) cli_init_creds: user domain [2013/11/07 14:24:59.140549, 2, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:2499(spoolss_connect_to_client) spoolss_connect_to_client: unable to open the spoolss pipe on machine win8.fff.ggg. Error was : NT_STATUS_ACCESS_DENIED. [2013/11/07 14:24:59.141928, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_RemoteFindFirstPrinterChangeNotifyEx: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx out: struct spoolss_RemoteFindFirstPrinterChangeNotifyEx result : WERR_SERVER_UNAVAILABLE [2013/11/07 14:24:59.142205, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:59.142357, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:59.142446, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 142 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 158 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.143126, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 158 [2013/11/07 14:24:59.143213, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:59.143330, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:59.143415, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4. [2013/11/07 14:24:59.143515, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x001c (28) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000004 (4) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4 [0000] BA 06 00 00 .... [2013/11/07 14:24:59.144518, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 48 [2013/11/07 14:24:59.144611, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 28 bytes. There is no more data outstanding [2013/11/07 14:24:59.144692, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 28 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:59.144787, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 28 status NT_STATUS_OK [2013/11/07 14:24:59.144870, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:28] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:59.144956, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/242/127 [2013/11/07 14:24:59.145147, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.145233, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 242 (position 242) from bitmap [2013/11/07 14:24:59.145383, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 242 [2013/11/07 14:24:59.145487, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.145580, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 242, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.145662, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:59.145752, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:59.145833, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:59.145914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:59.145995, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:59.146076, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:59.146158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:59.146236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:59.146315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:59.146401, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:59.146480, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:59.146559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:59.146643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:59.146735, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:59.164535, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:59.164625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:59.164719, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.164810, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.164893, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:59.165393, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:59.165738, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:59.165825, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:59.165910, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:59.166000, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:59.183865, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[3] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.184019, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[3] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.184166, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:59.184364, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:59.184507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:59.184590, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:59.184730, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:59.184845, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.185379, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.185463, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.185550, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:59.185631, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.185711, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:59.185790, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:59.186040, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.186125, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:59.186211, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.186290, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.186374, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.186452, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.186580, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.186683, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.186789, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 AB 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.186948, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ab-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.187312, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ab-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.188311, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AB 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.188510, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.188592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:59.188675, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.188754, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.188837, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.188916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.189025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.189141, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.189223, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.189327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.189406, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.189489, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.189567, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.189674, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.189774, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.189856, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.189940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.190018, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.190102, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.190180, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.190282, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.190383, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.190464, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.190551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.190629, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.190714, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.190792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.190931, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.191013, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.191097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.191177, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.191264, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.191343, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.191449, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.191531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.191615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.191695, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.191782, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.191861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.191963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.192065, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.192147, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.192231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.192311, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.192429, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.192512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.192656, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.192760, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.192845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.192929, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.193011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.193094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.193177, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.193259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.193380, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.193531, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.193880, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:59.194351, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.194508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.194591, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.194729, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.194814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.194897, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.194980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.195063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.195147, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.195231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.195315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.195400, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.195484, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.195569, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.195653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.195738, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.195823, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.195928, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:59.196956, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.197873, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.198022, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.198110, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.198987, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.199841, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.199992, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.200078, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:59.200898, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.201766, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.201931, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.202018, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:59.203038, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.203878, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.204026, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.204112, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.205016, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.205894, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.206043, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.206133, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:59.208326, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.209196, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.209366, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.209453, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.210954, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.211796, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.211945, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.212031, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:59.213483, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.214327, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.214475, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.214561, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.215434, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.216288, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.216463, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.216549, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.227241, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.228151, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.228301, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.228412, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.229934, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.230777, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.230925, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.231012, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.231889, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.232764, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.232912, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.232998, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.233878, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.234740, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.234888, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.234974, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.235882, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.236825, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.236978, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.237061, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.237164, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:59.237245, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:59.237724, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.238227, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.238310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.238395, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.238475, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.238558, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.238637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.238756, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.238859, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.238947, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 AD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.239100, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ad-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.239443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ad-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.240490, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.240645, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.240726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.240809, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.240889, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.240972, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.241051, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.241160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.241260, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.241371, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.241455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.241535, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.241618, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.241697, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.241820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.241920, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.242002, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.242087, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.242165, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.242249, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.242327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.242429, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.242529, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.242610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.242695, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.242774, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.242858, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.242937, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.243060, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.243142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.243227, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.243307, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.243393, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.243486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.243593, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.243675, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:59.243759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.243840, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.243927, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.244006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.244111, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.244215, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.244296, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:59.244408, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.244494, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.244581, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.244660, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.244774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.244876, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.244961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:59.245044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:59.245141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.245224, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.245319, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.245401, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.245486, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 AE 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.245634, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ae-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.245983, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ae-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.246754, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AE 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.246905, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.246986, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.247068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.247151, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.247271, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.247355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.247438, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.247522, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.247606, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.247690, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.247773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.247857, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.247941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.248025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.248109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.248194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.248278, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.248364, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:59.248848, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ae-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.249681, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AE 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.249829, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.249911, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.249998, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.260184, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ae-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.260493, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AE 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.260642, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AE 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.260789, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.260875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.260957, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.261303, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ad-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.261581, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.261732, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.261882, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.261963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.262045, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.262393, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ac-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.262671, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.262818, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.262964, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.263051, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:59.263134, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.263465, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ab-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.263743, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AB 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.263889, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AB 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.264034, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.264116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:59.264221, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.264617, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:59.264847, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:59.276172, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:59.276292, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:59.276381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.276930, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:59.277015, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:59.277100, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:59.277184, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:59.277305, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000008 (8) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:59.295678, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:59.295795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:59.295880, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:59.295968, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:59.296051, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:59.296152, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/243/127 [2013/11/07 14:24:59.296435, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.296530, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 243 (position 243) from bitmap [2013/11/07 14:24:59.296629, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 243 [2013/11/07 14:24:59.296734, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.296828, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 243, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.296910, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 736039724 [2013/11/07 14:24:59.297001, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:59.297087, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:59.297172, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.297717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:59.297801, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:59.297886, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/244/127 [2013/11/07 14:24:59.300120, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.300295, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 244 (position 244) from bitmap [2013/11/07 14:24:59.300412, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 244 [2013/11/07 14:24:59.300530, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.300628, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 244, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.300711, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 736039724 [2013/11/07 14:24:59.300798, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:24:59.300887, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:24:59.300969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:24:59.301095, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:24:59.301177, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:59.301323, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:59.301404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:59.301483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:24:59.301565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:59.301645, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:59.301723, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:24:59.301807, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:59.301897, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:24:59.303483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:59.303564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:59.303649, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.303740, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.303823, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:59.304304, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:59.304675, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:59.304760, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:24:59.304845, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:24:59.304939, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:24:59.306187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:24:59.306330, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[5] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.306513, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:24:59.306630, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:24:59.306785, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:24:59.306902, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 5 printer handles active [2013/11/07 14:24:59.306984, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.307134, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.307283, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:59.307385, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:24:59.307603, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:24:59.307760, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:59.307853, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:59.307951, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:59.308083, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:59.308187, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.308755, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.308839, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.308926, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:59.309007, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.309086, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:59.309164, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:59.309422, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.309506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:59.309592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.309672, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.309755, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.309834, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.309959, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.310061, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.310147, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 B0 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.310319, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b0-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.310675, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b0-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.311668, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B0 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.311821, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.311903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:59.311986, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.312065, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.312148, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.312226, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.312336, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.312480, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.312562, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.312661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.312740, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.312823, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.312902, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.313007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.313107, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.313189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.313273, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.313383, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.313467, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.313545, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.313652, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.313754, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.313835, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.313919, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.313999, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.314085, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.314164, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.314288, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.314384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.314470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.314552, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.314640, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.314720, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.314827, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.314910, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.314995, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.315076, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.315163, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.315242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.315346, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.315449, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.315531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.315617, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.315697, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.315784, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.315863, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.315989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.316106, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.316192, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.316276, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.316360, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.316490, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.316573, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.316657, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.316742, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 B1 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.316892, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b1-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.317247, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b1-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.318095, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B1 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.318249, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.318345, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.318429, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.318512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.318634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.318720, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.318803, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.318887, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.318971, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.319055, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.319139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.319224, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.319309, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.319394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.319479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.319564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.319649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.319736, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:59.320204, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b1-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.321046, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B1 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.321195, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.321290, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.321379, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.331738, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b1-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.332022, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B1 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.332175, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B1 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.332326, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.332438, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:59.332522, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.332861, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b0-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.333140, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B0 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.333304, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B0 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.333468, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.333549, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:59.333649, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.333981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:59.334072, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:24:59.334153, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:59.334233, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:59.334312, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:59.334392, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:59.334471, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:59.334551, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:24:59.334633, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:24:59.334716, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:24:59.334860, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:59.334952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:59.335034, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:59.335160, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:59.335260, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.335774, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.335858, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.335944, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:59.336026, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.336106, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:59.336185, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:59.336523, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.336762, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:59.336849, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.336929, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.337012, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.337092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.337215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.337356, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.337445, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 B2 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.337598, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b2-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.337953, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b2-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.338974, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B2 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.339129, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.339211, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:59.339297, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.339376, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.339459, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.339538, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.339648, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.339749, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.339832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.339915, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.339996, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.340079, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.340158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.340263, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.340377, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.340504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.340589, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.340668, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.340752, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.340831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.340933, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.341034, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.341116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.341201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.341293, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.341380, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.341459, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.341581, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.341664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.341749, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.341829, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.341915, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.341994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.342114, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.342197, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.342282, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.342363, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.342450, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.342529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.342632, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.342735, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.342816, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.342901, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.342982, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.343069, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.343148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.343272, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.343375, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.343460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.343544, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.343627, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.343709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.343810, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.343894, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.343977, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 B3 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.344126, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b3-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.344500, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:24:59.344598, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b3-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.344879, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B3 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.345030, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B3 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.345179, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.345261, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:59.345355, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.345692, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b2-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.345985, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B2 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.346139, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B2 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.346290, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.346371, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:59.346469, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.346799, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:59.346890, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001af-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.347216, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:59.347315, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:59.347401, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.347897, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:24:59.347979, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:24:59.348064, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:59.348147, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:24:59.348255, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:24:59.349227, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:24:59.349347, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:24:59.349430, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:59.349517, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:24:59.349601, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:59.349687, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/245/127 [2013/11/07 14:24:59.349887, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.349988, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 245 (position 245) from bitmap [2013/11/07 14:24:59.350074, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 245 [2013/11/07 14:24:59.350177, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.350269, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 245, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.350352, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:59.350440, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:59.350537, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:59.350619, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:59.350700, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:59.350781, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:59.350863, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:59.350942, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:59.351022, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:59.351108, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:59.351188, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:59.351267, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:59.351352, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:59.351443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:59.370213, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:59.370300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:59.370393, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.370496, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.370581, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:59.371063, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:59.371407, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:59.371495, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:59.371581, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:59.371671, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:59.500286, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.500516, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.500670, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:59.500860, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:59.500959, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:59.501043, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:59.501194, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:59.501329, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.501918, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.502006, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.502096, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:59.502179, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.502260, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:59.502341, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:59.502608, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.502694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:59.502780, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.502861, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.502944, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.503024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.503152, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.503256, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.503347, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 B4 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.503500, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b4-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.503869, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b4-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.505056, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B4 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.505213, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.505396, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:59.505485, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.505564, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.505649, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.505728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.505851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.505954, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.506046, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.506130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.506210, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.506294, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.506373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.506497, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.506598, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.506682, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.506821, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.506901, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.506986, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.507065, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.507172, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.507275, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.507357, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.507442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.507523, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.507608, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.507688, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.507815, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.507898, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.507982, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.508064, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.508153, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.508247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.508357, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.508483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.508571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.508652, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.508741, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.508820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.508926, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.509030, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.509113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.509199, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.509294, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.509385, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.509465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.509593, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.509697, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.509783, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.509867, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.509952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.510052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.510136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.510220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.510308, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.510460, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.510925, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:59.511406, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.511564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.511649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.511777, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.511864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.511949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.512096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.512200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.512287, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.512373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.512500, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.512752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.512840, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.512963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.513050, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.513136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.513228, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.513357, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:59.514436, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.515317, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.515469, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.515559, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.516645, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.518193, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.518416, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.518514, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:59.519324, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.520172, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.520322, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.524508, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:59.525799, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.526660, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.526812, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.526902, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.527843, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.532826, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.532980, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.533075, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:59.535468, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.536347, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.540573, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.540674, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.542260, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.543209, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.543359, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.543450, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:59.549105, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.550007, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.550159, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.550253, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.551166, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.552054, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.552203, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.552294, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.575452, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.576364, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.580605, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.580706, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.582404, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.583330, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.583481, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.583593, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.588566, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.589496, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.589650, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.589789, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.590700, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.591574, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.591723, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.591812, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.596873, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.597721, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.597899, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.597983, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.598073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:59.598155, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:59.598646, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.599200, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.599284, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.599370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.599475, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.599560, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.599639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.599763, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.599868, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.599955, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 B6 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.600108, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b6-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.604543, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b6-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.605647, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B6 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.605808, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.605891, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.605976, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.606056, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.606141, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.606220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.606362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.606467, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.606550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.606634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.606713, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.606797, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.606876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.606983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.607083, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.607189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.607275, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.607354, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.607454, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.607533, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.607638, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.607739, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.607821, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.607907, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.608011, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.608097, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.608175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.608303, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.608800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.608896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.608978, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.609067, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.609146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.609259, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.609363, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:59.609448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.609529, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.609634, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.609740, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.609851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.609956, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.610038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:59.610126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.610207, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.610295, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.610373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.610516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.610619, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.610705, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:59.610788, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:59.610872, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.610954, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.611037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.611119, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.611204, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 B7 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.611369, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b7-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.611758, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b7-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.612626, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B7 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.612777, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.612859, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.612941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.613024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.613135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.613220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.613355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.613440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.613525, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.613625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.613709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.613794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.613878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.613963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.614047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.614132, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.614218, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.614330, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:59.614793, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b7-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.615663, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B7 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.615816, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.615914, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.616003, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.626618, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b7-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.626932, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B7 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.627084, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B7 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.627253, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.627340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.627425, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.627763, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b6-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.628044, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B6 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.628192, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B6 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.628338, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.628451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.628534, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.628874, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b5-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.629222, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.629393, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B5 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.629556, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.629647, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:59.629731, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.630069, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b4-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.630349, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B4 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.630500, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B4 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.630649, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.630732, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:59.630840, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.631180, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:59.631403, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:59.643231, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:59.643367, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:59.643471, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.643992, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:59.644078, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:59.644163, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:59.644248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:59.644347, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000009 (9) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:59.663249, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:59.663367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:59.663453, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:59.663541, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:59.663626, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:59.663714, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/246/127 [2013/11/07 14:24:59.663992, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.664084, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 246 (position 246) from bitmap [2013/11/07 14:24:59.664169, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 246 [2013/11/07 14:24:59.664291, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.664482, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:24:59.664587, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:59.664669, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:24:59.664756, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 719E44C0 [2013/11/07 14:24:59.664851, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7b75738 [2013/11/07 14:24:59.665027, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:24:59.665075, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '719E44C0' stored [2013/11/07 14:24:59.665158, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x719e44c0 (1906197696) open_persistent_id : 0x00000000719e44c0 (1906197696) open_volatile_id : 0x00000000e65f1f33 (3864993587) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:00 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:24:59.666407, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 719E44C0 [2013/11/07 14:24:59.666494, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:24:59.666575, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:24:59.666659, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:24:59.666704, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x719e44c0) stored [2013/11/07 14:24:59.666784, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0xe65f1f33 (3864993587) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x719e44c0 (1906197696) open_persistent_id : 0x00000000719e44c0 (1906197696) open_volatile_id : 0x00000000e65f1f33 (3864993587) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:00 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:25:00 2013 CET compat : NULL [2013/11/07 14:24:59.668131, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 3864993587 (6 used) [2013/11/07 14:24:59.668224, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:24:59.668336, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:24:59.668544, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 23 for pipe \spoolss [2013/11/07 14:24:59.668704, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:24:59.668791, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:24:59.668983, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 3864993587 [2013/11/07 14:24:59.669093, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:24:59.669180, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/247/127 [2013/11/07 14:24:59.669385, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.669499, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 247 (position 247) from bitmap [2013/11/07 14:24:59.669583, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 247 [2013/11/07 14:24:59.669680, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.669770, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 247, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.669853, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:59.669941, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:59.670023, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:59.670105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:59.670186, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:59.670268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:59.670350, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:59.670429, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:59.670544, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:59.670631, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:59.670710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:59.670790, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:59.670876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:59.670968, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:59.689800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:59.689890, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:59.689983, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.690075, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.690160, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:59.690644, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:59.690991, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:59.691078, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:59.691165, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:59.691254, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:59.709782, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.709943, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.710106, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:59.710293, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:59.710388, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:59.710470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:59.710638, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:59.710754, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.711258, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.711344, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.711431, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:59.711513, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.711593, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:59.711695, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:59.711951, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.712036, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:59.712123, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.712203, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.712287, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.712366, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.712560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.712683, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.712802, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 B8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.712965, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b8-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.713357, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b8-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.714383, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.714541, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.714624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:59.714761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.714841, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.714925, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.715004, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.715135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.715237, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.715320, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.715405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.715484, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.715568, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.715647, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.715752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.715852, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.715933, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.716019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.716098, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.716182, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.716260, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.716362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.716527, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.716609, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.716695, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.716775, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.716860, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.716953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.717077, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.717160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.717244, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.717339, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.717454, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.717533, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.717644, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.717727, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.717811, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.717891, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.717979, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.718058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.718160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.718264, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.718346, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.718517, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.718600, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.718688, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.718785, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.718914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.719018, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.719104, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.719187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.719271, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.719354, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.719436, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.719519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.719629, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.719780, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.720131, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:59.720717, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.720874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.720974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.721099, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.721185, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.721269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.721380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.721465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.721549, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.721633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.721768, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.721854, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.721940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.722024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.722109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.722194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.722283, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.722391, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:59.723396, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.724244, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.724449, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.724543, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.725434, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.726294, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.726444, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.726531, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:59.727359, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.728232, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.728431, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.728523, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:59.729689, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.730566, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.730715, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.730806, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.731725, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.732628, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.732778, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.732867, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:59.735159, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.736060, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.736209, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.736298, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.738068, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.738954, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.739104, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.739195, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:59.740702, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.741593, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.741742, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.741831, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.742748, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.743599, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.743747, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.743833, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.754450, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.755324, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.755476, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.755592, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.757145, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.758072, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.758221, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.758312, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.759227, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.760130, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.760278, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.760369, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.761312, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.762188, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.762419, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.762511, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.763470, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.764272, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.764454, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.764537, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.764642, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:59.764723, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:59.765215, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.765735, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.765819, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.765904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.766008, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.766094, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.766173, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.766302, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.766407, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.766495, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 BA 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.766648, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ba-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.767011, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ba-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.768065, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BA 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.768223, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.768306, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.768417, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.768501, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.768585, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.768664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.768801, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.768904, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.768986, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.769070, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.769149, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.769234, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.769372, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.769482, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.769581, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.769663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.769774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.769853, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.769938, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.770017, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.770122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.770222, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.770304, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.770388, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.770468, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.770553, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.770656, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.770783, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.770867, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.770952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.771032, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.771133, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.771212, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.771320, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.771403, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:59.771488, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.771592, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.771682, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.771761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.771869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.771972, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.772055, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:59.772140, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.772221, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.772308, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.772411, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.772527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.772629, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.772765, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:59.772850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:59.772949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.773032, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.773196, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.773290, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.773376, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 BB 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.773556, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bb-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.773921, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bb-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.774766, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BB 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.774916, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.774999, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.775105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.775190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.775321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.775406, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.775490, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.775574, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.775659, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.775743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.775827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.775937, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.776022, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.776107, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.776192, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.776277, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.776362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.776484, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:59.776971, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bb-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.777820, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BB 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.777969, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.778076, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.778165, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.788747, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bb-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.789036, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BB 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.789186, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BB 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.789374, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.789463, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.789546, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.789885, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ba-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.790214, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BA 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.790367, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BA 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.790519, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.790602, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.790684, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.791066, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b9-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.791347, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.791498, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B9 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.791699, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.791811, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:59.791896, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.792234, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001b8-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.792573, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.792727, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 B8 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.792876, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.792960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:59.793066, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.793458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:59.793705, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:59.805345, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:59.805470, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:59.805560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.806090, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:59.806175, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:59.806261, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:59.806345, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:59.806443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000a (10) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:59.825231, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:59.825376, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:59.825479, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:59.825569, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:59.825668, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:59.825756, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/248/127 [2013/11/07 14:24:59.826035, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.826126, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 248 (position 248) from bitmap [2013/11/07 14:24:59.826212, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 248 [2013/11/07 14:24:59.826341, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.826436, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 248, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.826519, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 3864993587 [2013/11/07 14:24:59.826608, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:24:59.826691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:24:59.826772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:24:59.826854, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:59.826994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:59.827074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:59.827171, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:24:59.827258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:59.827338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:24:59.827417, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:24:59.827502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:59.827612, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:59.830128, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:24:59.830220, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:59.830304, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:24:59.830386, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:24:59.830472, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:24:59.830573, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 24 for pipe \spoolss [2013/11/07 14:24:59.830678, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:24:59.831935, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.832454, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:24:59.832563, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/249/127 [2013/11/07 14:24:59.832735, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.832828, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 249 (position 249) from bitmap [2013/11/07 14:24:59.832912, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 249 [2013/11/07 14:24:59.833008, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.833097, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 249, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.833195, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:24:59.833330, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:24:59.833414, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:24:59.833495, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:24:59.833576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:24:59.833658, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:59.833779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:59.833859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:59.833939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:24:59.834025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:59.834105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:24:59.834184, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:24:59.834269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:59.834359, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:24:59.853460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:24:59.853570, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:24:59.853666, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.853758, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.853843, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:24:59.854328, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:24:59.854747, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:24:59.854836, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:24:59.854921, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:24:59.855011, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:24:59.873647, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.873807, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.873954, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:24:59.874143, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:24:59.874240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:24:59.874324, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:24:59.874468, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:24:59.874602, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.875113, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.875198, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.875286, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:24:59.875369, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:24:59.875449, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:24:59.875529, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:24:59.875784, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:24:59.875869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:24:59.875956, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.876063, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.876149, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.876229, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.876357, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.876529, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.876619, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 BC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.876781, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bc-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.877207, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bc-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.878263, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.878425, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.878508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:24:59.878594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.878674, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.878758, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.878837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.878950, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.879052, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.879160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.879246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.879340, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.879425, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.879586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.879696, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.879796, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.879880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.879964, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.880072, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.880157, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.880237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.880343, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.880480, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.880562, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.880647, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.880727, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.880813, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.880917, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.881046, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.881129, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.881214, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.881321, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.881409, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.881489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.881597, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.881705, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.881791, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.881871, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.881959, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.882038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.882146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.882249, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.882332, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.882419, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.882500, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.882612, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.882691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.882823, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.882928, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.883026, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.883110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.883194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.883276, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.883359, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.883441, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.883526, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.883701, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.884055, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:24:59.884567, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.884726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.884837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.884961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.885047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.885130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.885228, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.885325, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.885410, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.885495, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.885579, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.885664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.885772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.885860, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.885946, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.886031, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.886120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.886227, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:24:59.887242, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.888131, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.888283, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.888374, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.889376, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.890268, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.890420, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.890510, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:24:59.891336, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.892181, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.892359, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.892483, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:24:59.893542, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.894421, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.894594, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.894684, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.895591, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.896485, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.896663, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.896755, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:24:59.899076, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.899949, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.900122, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.900212, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.901867, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.902766, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.902916, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.903006, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:24:59.904508, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.905401, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.905550, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.905639, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.906542, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.907447, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.907597, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.907687, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.918530, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.919477, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.919628, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.919743, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:24:59.921355, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.922245, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.922395, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.922484, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.923358, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.924222, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.924370, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.924486, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.925412, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:24:59.926319, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.926468, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.926594, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:24:59.927544, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.928315, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.928518, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.928600, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.928689, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:24:59.928770, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:24:59.929284, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.929887, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:24:59.929973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:24:59.930059, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:24:59.930139, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:24:59.930222, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.930301, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:24:59.930428, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:24:59.930533, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.930622, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 BE 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.930803, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001be-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.931158, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001be-0000-0000-7b52-ab947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:24:59.932210, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BE 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.932370, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:24:59.932483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:24:59.932595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:24:59.932674, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:24:59.932759, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.932838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:24:59.932952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:24:59.933053, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:24:59.933135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:24:59.933219, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.933334, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.933421, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.933500, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.933609, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:24:59.933708, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:24:59.933789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:24:59.933890, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.933969, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.934053, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.934131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.934232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:24:59.934333, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:24:59.934414, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:24:59.934499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.934601, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.934688, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.934767, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:24:59.934893, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:24:59.934976, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:24:59.935061, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.935141, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.935229, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.935307, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:24:59.935415, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:24:59.935497, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:24:59.935581, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.935702, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.935790, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.935868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.935975, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:24:59.936078, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:24:59.936160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:24:59.936247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.936328, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.936470, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:24:59.936551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.936668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.936770, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:24:59.936855, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:24:59.936938, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:24:59.937022, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:24:59.937105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:24:59.937187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:24:59.937299, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:24:59.937399, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 BF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.937548, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bf-0000-0000-7b52-ab947f2c0000 result : WERR_OK [2013/11/07 14:24:59.937907, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bf-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.938860, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.939016, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.939098, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.939182, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:24:59.939266, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.939380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:24:59.939465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:24:59.939550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:24:59.939676, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:24:59.939763, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:24:59.939848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:24:59.939932, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:24:59.940018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:24:59.940103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:24:59.940189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:24:59.940274, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:24:59.940360, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:24:59.940480, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:24:59.940568, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:24:59.941061, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bf-0000-0000-7b52-ab947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:24:59.941903, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.942071, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:24:59.942153, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:24:59.942241, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:24:59.952762, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bf-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.953051, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.953218, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.953407, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.953495, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:24:59.953578, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.953918, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001be-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.954198, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BE 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.954351, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BE 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.954503, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.954586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:24:59.954668, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.955009, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bd-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.955291, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.955455, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BD 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.955605, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.955694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:24:59.955778, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.956117, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001bc-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:24:59.956424, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.956581, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 BC 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:24:59.956731, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:24:59.956814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:24:59.956920, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:24:59.957260, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:24:59.957497, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:24:59.969075, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:24:59.969200, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:24:59.969319, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.969825, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:24:59.969910, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:24:59.969995, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:24:59.970079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:24:59.970177, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000b (11) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:24:59.987746, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:24:59.987868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:24:59.987950, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:24:59.988042, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:24:59.988127, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:24:59.988215, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/250/127 [2013/11/07 14:24:59.988530, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.988643, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 250 (position 250) from bitmap [2013/11/07 14:24:59.988730, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 250 [2013/11/07 14:24:59.988832, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.988926, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 250, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.989009, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 3864993587 [2013/11/07 14:24:59.989140, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:24:59.989229, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:24:59.989330, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:24:59.989817, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:24:59.989902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:24:59.989988, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/251/127 [2013/11/07 14:24:59.994194, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:24:59.994532, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 251 (position 251) from bitmap [2013/11/07 14:24:59.994766, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 251 [2013/11/07 14:24:59.995011, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:24:59.995232, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 251, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:24:59.995438, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3864993587 [2013/11/07 14:24:59.995656, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:24:59.995905, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:24:59.996112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:24:59.996384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:24:59.996805, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:24:59.997015, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:24:59.997213, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:59.997506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:24:59.997715, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:24:59.997913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:24:59.998110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:24:59.998317, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:24:59.998540, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:25:00.002777, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:00.002982, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:00.003192, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.003415, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.003624, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:00.004888, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:00.005756, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:00.005967, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:25:00.006181, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:25:00.006412, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:25:00.009468, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:25:00.009560, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[6] [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.009713, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:25:00.009830, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:25:00.009988, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:25:00.010106, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 6 printer handles active [2013/11/07 14:25:00.010188, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.010342, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.010492, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:00.010595, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:25:00.010809, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:25:00.010969, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:00.011062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:00.011145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:00.011280, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:00.011388, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.011911, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.011997, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.012084, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:00.012165, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.012245, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:00.012324, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:00.012619, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.012705, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:00.012792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.012872, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.012956, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.013035, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.013163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.013267, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.013369, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 C1 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.013522, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c1-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.013890, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c1-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.014918, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C1 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.015071, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.015154, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:00.015238, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.015317, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.015401, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.015481, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.015593, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.015896, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.015991, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.016077, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.016157, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.016243, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.016338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.016497, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.016599, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.016682, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.016766, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.016846, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.016930, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.017009, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.017113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.017214, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.017310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.017395, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.017475, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.017560, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.017639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.017766, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.017956, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.018043, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.018124, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.018213, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.018307, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.018423, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.018506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.018591, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.018672, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.018761, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.018840, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.019014, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.019119, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.019202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.019288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.019369, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.019457, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.019536, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.019664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.019770, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.019856, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.019940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.020039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.020122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.020205, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.020287, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.020373, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 C2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.020668, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c2-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.021050, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c2-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.021862, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.022015, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.022098, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.022181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.022265, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.022409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.022495, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.022645, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.022761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.022846, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.022990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.023075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.023160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.023245, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.023331, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.023416, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.023501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.023586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.023674, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:00.024139, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c2-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.025014, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.025164, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.025247, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.025350, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.036082, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c2-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.036379, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.036562, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.036710, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.036799, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:00.036884, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.037223, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c1-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.037516, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C1 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.037665, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C1 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.037812, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.037895, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:00.038001, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.038351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:00.038443, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:25:00.038676, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:00.038758, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:00.038838, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:00.038919, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:00.038999, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:00.039080, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:00.039163, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:25:00.039248, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:25:00.039416, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:00.039512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:00.039595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:00.039733, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:00.039836, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.040344, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.040493, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.040583, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:00.040683, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.040765, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:00.040845, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:00.041095, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.041179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:00.041266, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.041365, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.041449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.041529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.041657, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.041760, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.041848, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 C3 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.042001, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c3-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.042357, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c3-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.043544, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C3 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.043709, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.043794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:00.043878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.043958, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.044043, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.044124, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.044240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.044343, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.044469, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.044554, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.044634, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.044718, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.044797, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.044904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.045004, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.045088, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.045172, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.045267, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.045384, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.045464, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.045572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.045673, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.045756, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.045841, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.045921, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.046006, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.046086, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.046209, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.046292, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.046378, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.046459, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.046548, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.046627, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.046736, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.046818, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.046904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.046999, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.047088, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.047167, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.047272, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.047375, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.047458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.047544, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.047625, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.047713, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.047792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.047919, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.048023, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.048109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.048193, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.048278, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.048361, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.048481, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.048565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.048651, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 C4 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.048815, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c4-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.049160, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:25:00.049260, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c4-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.049566, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C4 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.049717, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C4 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.049866, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.049949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:00.050031, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.050370, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c3-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.050652, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C3 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.050803, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C3 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.050953, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.051044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:00.051143, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.051476, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:00.051568, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c0-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.051896, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:00.051999, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:00.052085, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:00.052626, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:25:00.052710, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:00.052796, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:00.052880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:00.052976, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:25:00.053940, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:25:00.054033, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:00.054114, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:00.054202, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:00.054285, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:00.054373, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/252/127 [2013/11/07 14:25:00.054613, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:00.054705, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 252 (position 252) from bitmap [2013/11/07 14:25:00.054790, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 252 [2013/11/07 14:25:00.054894, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:00.054988, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 252, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:00.055071, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:25:00.055161, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:00.055243, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:00.055325, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:00.055406, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:00.055489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:00.055587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:00.055667, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.055746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:00.055833, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:00.055913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.055993, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:00.056079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:00.056170, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:00.074885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:00.074978, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:00.075073, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.075165, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.075251, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:00.075752, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:00.076099, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:00.076188, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:00.076274, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:00.076365, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:00.093642, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.093810, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.093959, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:00.094152, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:00.094250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:00.094336, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:00.094486, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:00.094605, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.095118, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.095205, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.095312, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:00.095395, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.095476, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:00.095557, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:00.095817, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.095903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:00.095989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.096070, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.096154, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.096234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.096362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.096537, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.096628, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 C5 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.096783, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c5-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.097153, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c5-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.098191, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C5 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.098347, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.098430, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:00.098514, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.098594, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.098680, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.098761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.098875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.098977, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.099060, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.099144, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.099224, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.099308, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.099387, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.099493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.099593, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.099677, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.099775, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.099855, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.099939, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.100018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.100121, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.100222, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.100304, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.100423, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.100507, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.100593, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.100673, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.100797, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.100880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.100965, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.101045, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.101134, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.101213, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.101333, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.101416, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.101501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.101597, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.101685, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.101764, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.101868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.101971, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.102054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.102139, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.102220, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.102308, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.102387, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.102514, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.102620, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.102706, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.102794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.102877, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.102961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.103044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.103127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.103227, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.103379, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.103732, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:00.104205, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.104363, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.104485, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.104606, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.104692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.104776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.104860, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.104944, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.105029, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.105113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.105198, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.105327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.105414, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.105499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.105585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.105670, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.105759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.105867, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:00.106855, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.107714, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.107865, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.107953, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.108879, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.109744, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.109892, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.109979, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:00.110782, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.111631, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.111780, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.111866, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:00.112933, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.113870, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.114019, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.114105, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.114975, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.115834, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.115985, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.116072, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:00.118345, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.119277, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.119427, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.119515, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.121130, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.122016, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.122165, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.122252, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:00.123659, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.124558, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.124707, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.124793, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.125681, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.126530, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.126693, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.126780, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.137257, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.138150, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.138299, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.138386, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.140021, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.140923, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.141073, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.141160, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.142069, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.142917, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.143065, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.143167, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.144040, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.144920, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.145069, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.145155, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.146105, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.146875, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.147027, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.147109, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.147198, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:00.147278, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:00.147736, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.148242, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.148325, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.148457, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.148537, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.148621, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.148700, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.148824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.148928, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.149017, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 C7 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.149168, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c7-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.149526, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c7-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.150522, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C7 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.150674, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.150770, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.150854, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.150933, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.151017, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.151095, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.151205, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.151305, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.151387, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.151470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.151550, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.151633, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.151712, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.151817, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.151916, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.151999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.152083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.152162, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.152247, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.152326, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.152455, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.152570, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.152652, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.152737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.152817, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.152902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.152982, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.153107, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.153190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.153299, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.153383, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.153471, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.153549, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.153661, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.153744, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:00.153829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.153909, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.153997, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.154076, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.154179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.154295, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.154378, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:00.154463, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.154544, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.154631, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.154709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.154822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.154923, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.155008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:00.155091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:00.155175, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.155257, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.155340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.155422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.155506, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 C8 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.155655, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c8-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.156005, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c8-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.156823, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C8 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.156972, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.157053, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.157136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.157219, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.157345, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.157430, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.157514, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.157598, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.157682, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.157767, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.157850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.157935, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.158032, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.158118, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.158203, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.158288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.158374, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.158461, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:00.158914, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c8-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.159726, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C8 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.159875, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.159956, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.160043, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.170375, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c8-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.170659, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C8 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.170811, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C8 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.170961, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.171048, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.171131, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.171482, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c7-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.171762, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C7 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.171911, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C7 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.172057, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.172140, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.172221, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.172588, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c6-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.172868, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.173019, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.173168, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.173258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:00.173370, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.173719, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c5-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.173999, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C5 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.174149, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C5 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.174298, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.174380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:00.174485, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.174824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:00.175043, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:00.186583, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:00.186715, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:00.186805, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:00.187310, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:00.187395, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:00.187480, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:00.187578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:00.187677, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000c (12) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:00.206570, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:25:00.206696, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:25:00.206777, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:00.206869, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:25:00.206953, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:00.207040, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/253/127 [2013/11/07 14:25:00.207316, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:00.207425, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 253 (position 253) from bitmap [2013/11/07 14:25:00.207510, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 253 [2013/11/07 14:25:00.207619, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:00.207713, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 253, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:00.207796, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 736039724 [2013/11/07 14:25:00.207886, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:00.207986, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:00.208068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:00.208150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:00.208232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:00.208314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:00.208488, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.208568, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:00.208654, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:00.208734, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.208813, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:00.208898, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:00.208994, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:00.227532, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:00.227619, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:00.227713, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.227818, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.227903, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:00.228411, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:00.228764, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:00.228852, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:00.228938, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:00.229028, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001af-0000-0000-7b52-ab947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:00.246308, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.246473, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.246621, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:00.246809, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:00.246907, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:00.246990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:00.247137, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:00.247256, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.247780, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.247867, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.247956, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:00.248038, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.248118, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:00.248199, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:00.248515, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.248605, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:00.248692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.248772, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.248856, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.248936, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.249065, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.249169, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.249258, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 C9 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.249448, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c9-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.249821, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c9-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.250837, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C9 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.250993, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.251075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:00.251159, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.251238, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.251324, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.251404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.251517, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.251619, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.251701, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.251786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.251865, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.251949, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.252028, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.252148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.252247, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.252331, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.252458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.252539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.252623, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.252702, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.252805, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.252907, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.252989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.253074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.253153, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.253239, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.253329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.253453, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.253536, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.253621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.253701, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.253789, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.253882, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.253990, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.254072, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.254157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.254238, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.254326, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.254404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.254509, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.254611, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.254694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.254780, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.254860, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.254947, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.255026, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.255153, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.255258, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.255344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.255427, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.255524, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.255608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.255690, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.255773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.255857, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.256007, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.256357, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:00.256869, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.257026, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.257109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.257229, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.257325, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.257409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.257493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.257592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.257676, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.257761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.257845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.257930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.258016, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.258101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.258187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.258272, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.258357, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.258463, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:00.259450, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.260311, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.260497, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.260586, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.261489, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.262339, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.262503, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.262590, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:00.263378, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.264224, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.264372, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.264487, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:00.265549, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.266396, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.266544, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.266630, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.267501, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.268359, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.268619, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.268712, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:00.270944, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.271787, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.271936, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.272023, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.273589, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.274439, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.274588, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.274674, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:00.276095, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.276979, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.277129, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.277215, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.278105, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.278971, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.279122, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.279209, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.289780, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.290649, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.290799, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.290889, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.292418, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.293311, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.293461, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.293547, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.294426, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.295288, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.295437, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.295524, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.296422, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.297320, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.297471, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.297561, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.298500, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.299276, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.299429, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.299512, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.299601, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:00.299683, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:00.300145, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.300700, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.300783, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.300869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.300949, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.301034, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.301113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.301237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.301369, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.301459, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 CB 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.301610, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cb-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.301958, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cb-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.302973, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CB 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.303125, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.303207, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.303291, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.303371, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.303455, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.303534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.303644, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.303744, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.303826, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.303910, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.303990, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.304074, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.304152, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.304258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.304358, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.304470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.304554, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.304635, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.304734, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.304813, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.304916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.305017, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.305099, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.305184, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.305264, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.305378, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.305458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.305583, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.305666, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.305752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.305832, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.305920, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.305999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.306107, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.306190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:00.306275, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.306357, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.306459, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.306538, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.306642, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.306745, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.306828, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:00.306913, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.306994, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.307082, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.307161, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.307274, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.307375, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.307460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:00.307543, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:00.307628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.307711, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.307794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.307877, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.307962, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 CC 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.308124, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cc-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.308506, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cc-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.309324, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CC 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.309476, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.309558, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.309640, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.309724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.309837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.309922, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.310006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.310090, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.310174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.310275, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.310358, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.310443, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.310528, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.310613, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.310698, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.310784, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.310869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.310956, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:00.311409, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cc-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.312221, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CC 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.312370, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.312502, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.312591, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.323002, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cc-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.323289, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CC 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.323441, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CC 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.323604, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.323692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.323776, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.324114, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cb-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.324420, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CB 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.324572, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CB 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.324719, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.324801, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.324883, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.325222, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ca-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.325533, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.325685, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CA 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.325849, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.325939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:00.326023, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.326359, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c9-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.326639, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C9 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.326789, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 C9 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.326938, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.327020, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:00.327126, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.327464, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:00.327682, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:00.339367, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:00.339503, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:00.339592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:00.340113, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:00.340196, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:00.340281, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:00.340365, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:00.340522, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:00.359328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2013/11/07 14:25:00.359415, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK [2013/11/07 14:25:00.359505, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW [2013/11/07 14:25:00.359590, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:00.359677, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/254/127 [2013/11/07 14:25:00.359949, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:00.360040, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 254 (position 254) from bitmap [2013/11/07 14:25:00.360126, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 254 [2013/11/07 14:25:00.360234, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:00.360343, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 254, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:00.360457, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:25:00.360548, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:00.360629, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:00.360712, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:00.360794, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:00.360875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:00.360959, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:00.361038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.361118, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:00.361204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:00.361308, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.361389, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:00.361474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:00.361630, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:00.380749, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:00.380838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:00.380932, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.381024, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.381109, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:00.381646, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:00.381997, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:00.382086, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:00.382173, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:00.382264, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:00.399170, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.399329, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.399477, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:00.399671, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:00.399768, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:00.399852, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:00.400014, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:00.400134, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.400792, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.400880, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.400969, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:00.401051, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.401132, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:00.401212, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:00.401506, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.401591, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:00.401677, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.401758, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.401842, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.401922, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.402050, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.402154, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.402243, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 CD 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.402396, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cd-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.402783, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cd-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.403789, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CD 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.403945, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.404028, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:00.404112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.404191, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.404274, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.404354, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.404513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.404617, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.404701, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.404785, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.404884, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.404968, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.405046, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.405154, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.405255, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.405387, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.405472, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.405551, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.405636, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.405714, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.405822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.405923, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.406005, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.406092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.406171, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.406256, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.406335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.406459, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.406542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.406640, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.406721, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.406809, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.406888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.406995, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.407078, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.407163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.407244, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.407332, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.407411, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.407516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.407619, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.407702, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.407787, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.407868, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.407955, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.408034, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.408162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.408266, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.408365, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.408492, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.408576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.408659, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.408741, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.408824, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.408910, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.409061, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.409454, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:00.409927, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.410086, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.410170, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.410291, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.410376, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.410475, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.410559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.410643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.410727, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.410811, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.410896, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.410980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.411065, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.411150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.411236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.411321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.411406, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.411513, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:00.412558, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.413437, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.413589, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.413679, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.414557, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.415417, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.415566, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.415652, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:00.416471, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.417378, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.417531, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.417621, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:00.418671, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.419518, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.419743, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.419831, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.420748, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.421622, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.421770, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.421859, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:00.424046, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.424921, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.425070, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.425158, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.426694, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.427549, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.427697, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.427784, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:00.429236, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.430129, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.430282, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.430374, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.431321, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.432187, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.432335, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.432453, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.443189, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.444057, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.444207, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.444297, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.445876, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.446723, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.446875, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.446963, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.447839, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.448733, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.448882, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.448970, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.449868, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.450716, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.450879, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.450967, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.451937, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.452747, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.452900, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.452983, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.453073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:00.453155, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:00.453678, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.454190, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.454274, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.454360, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.454441, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.454526, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.454605, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.454734, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.454840, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.454929, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 CF 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.455082, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cf-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.455432, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cf-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.456479, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CF 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.456632, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.456715, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.456799, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.456879, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.456964, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.457044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.457157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.457259, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.457373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.457458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.457538, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.457622, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.457701, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.457806, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.457906, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.458002, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.458087, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.458166, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.458250, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.458329, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.458431, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.458532, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.458615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.458699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.458779, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.458864, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.458943, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.459068, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.459151, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.459236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.459317, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.459404, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.459483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.459593, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.459689, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:00.459776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.459857, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.459945, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.460024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.460128, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.460231, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.460313, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:00.460424, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.460509, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.460596, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.460675, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.460789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.460892, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.460978, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:00.461062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:00.461145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.461228, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.461345, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.461444, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.461528, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 D0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.461678, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d0-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.462036, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d0-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.462812, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.462961, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.463043, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.463126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.463210, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.463319, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.463404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.463502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.463587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.463671, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.463755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.463840, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.463924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.464009, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.464094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.464179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.464266, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.464351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.464530, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:00.464994, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d0-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.465868, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.466021, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.466103, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.466192, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.476583, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d0-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.476884, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.477037, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.477187, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.477318, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.477403, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.477743, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cf-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.478021, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CF 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.478173, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CF 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.478323, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.478406, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.478488, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.478830, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ce-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.479124, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.479275, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CE 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.479425, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.479515, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:00.479598, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.479933, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001cd-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.480211, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CD 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.480361, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 CD 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.480537, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.480621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:00.480727, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.481163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:00.481437, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:00.493125, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:00.493307, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:00.493398, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:00.493907, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:00.493993, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:00.494078, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:00.494164, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:00.494263, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000d (13) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:00.511721, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:25:00.511850, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:25:00.511933, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:00.512023, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:25:00.512108, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:00.512195, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/255/127 [2013/11/07 14:25:00.512829, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:00.512975, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 255 (position 255) from bitmap [2013/11/07 14:25:00.513061, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 255 [2013/11/07 14:25:00.513171, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:00.513354, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 255, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:00.513439, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 736039724 [2013/11/07 14:25:00.513534, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 3112 [2013/11/07 14:25:00.515515, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2013/11/07 14:25:00.515659, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:00.516205, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. There is more data outstanding [2013/11/07 14:25:00.516324, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:25:00.516461, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/256/127 [2013/11/07 14:25:00.519020, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:00.519174, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 256 (position 256) from bitmap [2013/11/07 14:25:00.519302, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 256 [2013/11/07 14:25:00.519413, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:00.519508, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 256, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:00.519629, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:25:00.519843, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:00.519927, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:00.520011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:00.520093, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:00.520174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:00.520289, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:00.520369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.520483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:00.520602, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:00.520683, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.520763, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:00.520848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:00.520947, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:00.571610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:00.571720, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:00.571852, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.571947, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.572031, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:00.572942, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:00.573694, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:00.573791, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:00.573878, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:00.573972, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:00.613577, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.613758, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.613906, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:00.614107, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:00.614205, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:00.615367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:00.615534, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:00.615660, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.616201, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.617493, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.617594, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:00.617678, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.617758, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:00.617839, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:00.618109, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.618193, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:00.619370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.619460, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.619545, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.619624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.619772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.619879, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.620060, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 D1 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.621370, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d1-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.621854, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d1-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.623943, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D1 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.624118, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.624203, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:00.625453, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.625541, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.625633, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.625714, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.625852, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.625960, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.626043, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.626127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.626206, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.627392, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.627481, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.627605, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.627709, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.627792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.627876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.627955, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.628039, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.628117, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.629350, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.629502, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.629585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.629671, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.629750, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.629837, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.629915, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.630045, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.630127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.630211, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.631374, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.631496, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.631576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.631703, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.631786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.631872, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.631952, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.632040, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.632118, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.633364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.633519, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.633605, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.633691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.633772, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.633863, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.633941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.634074, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.634181, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.634663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.634774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.634861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.634946, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.635030, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.635113, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.635202, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.635755, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.636158, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:00.637885, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.638057, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.638142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.639343, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.639457, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.639542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.639650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.639735, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.639819, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.640066, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.640154, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.641366, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.641474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.641559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.641644, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.641729, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.641821, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.641947, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:00.644074, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.646123, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.647363, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.647475, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.649535, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.651481, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.651667, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.651767, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:00.653754, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.655694, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.655854, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.655953, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:00.659279, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.660175, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.661481, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.661589, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.663599, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.665734, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.665895, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.665991, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:00.671606, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.673847, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.674009, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.674114, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.677913, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.679864, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.680025, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.680124, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:00.683858, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.685883, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.686044, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.686144, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.689376, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.691377, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.691538, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.691639, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.714693, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.716723, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.716887, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.716989, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.720842, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.722812, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.722974, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.723074, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.725118, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.727103, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.728355, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.728509, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.729820, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.731772, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.731931, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.732057, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.734189, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.736052, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.737322, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.737449, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.737546, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:00.737629, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:00.739267, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.739841, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.739926, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.740011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.740091, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.741517, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.741605, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.741739, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.741845, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.741934, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 D3 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.742089, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d3-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.743555, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d3-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.745742, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D3 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.745911, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.745996, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.746081, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.746161, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.747312, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.747407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.747545, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.747653, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.747737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.747821, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.747901, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.747986, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.748064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.748171, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.749444, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.749538, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.749624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.749731, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.749819, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.749898, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.750004, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.750107, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.750189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.751350, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.751439, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.751527, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.751607, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.751751, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.751836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.751920, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.752001, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.752089, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.752168, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.753471, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.753565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:00.753650, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.753754, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.753847, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.753926, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.754031, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.754135, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.755265, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:00.755386, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.755468, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.755558, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.755637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.755764, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.755869, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.755956, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:00.756040, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:00.756126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.756209, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.757438, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.757530, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.757620, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 D4 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.757797, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d4-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.758214, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d4-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.760088, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D4 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.761389, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.761491, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.761578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.761664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.761798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.761885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.761970, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.762054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.763387, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.763491, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.763576, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.763661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.763747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.763831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.763916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.764002, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.764086, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.764177, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:00.765874, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d4-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.767786, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D4 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.767979, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.768063, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.768162, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.792030, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d4-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.793504, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D4 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.793697, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D4 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.793847, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.793943, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.794028, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.795474, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d3-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.795766, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D3 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.795916, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D3 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.796063, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.796148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.797365, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.797755, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d2-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.798038, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.798191, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D2 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.799443, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.799545, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:00.799632, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.799984, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d1-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:00.801435, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D1 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.801597, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D1 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.801746, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:00.801829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:00.801937, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:00.803388, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:00.803650, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:00.828892, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:00.829046, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:00.829136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:00.830755, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:00.830850, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:00.830937, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:00.831025, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:00.831129, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000e (14) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:00.871926, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:25:00.872152, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:25:00.872262, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:00.872418, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:25:00.872537, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:00.872665, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/257/127 [2013/11/07 14:25:00.873002, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:00.873158, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 257 (position 257) from bitmap [2013/11/07 14:25:00.873344, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 257 [2013/11/07 14:25:00.873462, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:00.873888, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 257, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:00.873977, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 736039724 [2013/11/07 14:25:00.874074, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:00.874156, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:00.874238, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:00.874319, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:00.874400, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:00.874483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:00.874562, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.874641, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:00.874728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:00.874807, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:00.874886, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:00.874972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:00.875072, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:00.897089, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:00.897190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:00.897332, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.897429, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.897514, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:00.898013, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:00.898364, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:00.898462, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:00.898548, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:00.898640, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001af-0000-0000-7b52-ab947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:00.919453, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.919625, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.919775, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:00.919979, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:00.920095, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:00.920222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:00.920374, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:00.920568, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.921157, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.921245, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.921384, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:00.921467, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:00.921547, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:00.921628, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:00.921899, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:00.921985, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:00.922135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.922284, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.922371, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.922451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.922594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.922701, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.922810, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 D5 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.923015, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d5-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.923403, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d5-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.924563, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D5 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.925185, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:00.925314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:00.925402, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:00.925508, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:00.925716, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.925798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:00.925928, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:00.926034, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:00.926135, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.926220, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.926300, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.926384, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.926462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.926579, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:00.926788, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:00.926874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:00.926959, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.927038, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.927123, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.927202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.927340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:00.927477, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:00.927560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:00.927644, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.927724, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.927856, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.927973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:00.928105, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:00.928204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:00.928318, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.928450, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.928545, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.928624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:00.928764, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:00.928848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:00.928933, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.929014, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.929129, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.929209, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.929336, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:00.929440, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:00.929523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:00.929635, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.929716, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.929804, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.929883, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.930075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.930183, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.930269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:00.930379, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:00.930464, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:00.930555, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:00.930683, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:00.930798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:00.930888, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.931041, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.931806, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:00.932380, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.932711, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:00.932798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.932949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:00.933073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:00.933158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:00.933242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:00.933407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:00.933531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:00.933625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:00.933710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:00.933795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:00.933881, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:00.934055, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:00.934140, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:00.934287, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:00.934400, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.934519, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:00.935675, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.936655, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.936834, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.936929, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.938277, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.939333, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.939485, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.939579, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:00.940740, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.941712, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.942074, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.942189, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:00.943355, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.944355, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.944574, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.944669, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.945670, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.946548, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.946700, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.946793, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:00.949996, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.950863, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.951974, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.952080, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.953978, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.954848, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.955000, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.955090, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:00.956574, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.957973, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.958131, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.958271, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.959354, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.960366, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.960681, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.960776, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:00.973003, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.974422, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.974586, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.974691, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:00.978521, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.980549, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.980714, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.980815, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.982755, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.983938, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.984140, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.984270, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.985456, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:00.987159, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.987532, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.987633, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:00.991287, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:00.992986, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.993153, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:00.993402, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:00.993537, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:00.993732, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:00.994547, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:00.996003, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:00.996096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:00.996184, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:00.997382, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:00.997568, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:00.997728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:00.997874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:00.997983, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:00.998074, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 D7 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:00.998370, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d7-0000-0000-7b52-ac947f2c0000 result : WERR_OK [2013/11/07 14:25:00.999038, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d7-0000-0000-7b52-ac947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:01.000795, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D7 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.000964, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:01.001049, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:01.001136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:01.001365, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:01.001457, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.001699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:01.001903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:01.002777, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:01.002875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:01.002961, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.003042, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.003129, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.003966, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.004140, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.005408, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:01.005601, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:01.005772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.005854, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.006804, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.007287, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.007458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.007772, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:01.007858, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:01.007944, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:01.008024, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:01.008112, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.008193, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:01.009068, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:01.009161, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:01.009401, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:01.009484, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:01.009613, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.009693, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:01.009839, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:01.009924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:01.010052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.010307, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.010402, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.010482, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.010634, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.010742, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:01.011110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:01.011284, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.011405, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.011532, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.011615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.011743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.011848, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:01.011937, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:01.012067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:01.012154, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:01.012335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:01.012461, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:01.012580, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:01.012671, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 D8 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.012827, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d8-0000-0000-7b52-ad947f2c0000 result : WERR_OK [2013/11/07 14:25:01.013417, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d8-0000-0000-7b52-ad947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:01.020624, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D8 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.020870, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.020956, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:01.021090, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:01.021178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.021482, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:01.021629, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:01.021716, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:01.021801, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:01.021886, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:01.021972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:01.022092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:01.022178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:01.022340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:01.022426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:01.022574, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:01.022662, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:01.022748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:01.022839, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:01.023538, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d8-0000-0000-7b52-ad947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:01.026871, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D8 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.027036, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.027120, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:01.027275, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:01.040146, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d8-0000-0000-7b52-ad947f2c0000 [2013/11/07 14:25:01.040513, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D8 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.040671, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D8 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.040821, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:01.040916, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:01.041000, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:01.041390, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d7-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:01.041671, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D7 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.041865, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D7 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.042013, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:01.042269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:01.042354, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:01.042702, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d6-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:01.043001, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.043271, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D6 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.043424, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:01.043517, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:01.043603, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:01.043941, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d5-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:01.044290, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D5 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.044476, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D5 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.044626, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:01.044709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:01.044816, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:01.045162, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:01.045474, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:01.059970, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:01.060165, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:01.060255, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:01.060863, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:01.060949, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:01.061096, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:01.061182, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:01.061316, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:01.083023, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:25:01.083281, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:25:01.083364, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:01.083459, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:25:01.083545, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:01.083653, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/258/127 [2013/11/07 14:25:01.084061, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:01.084163, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 258 (position 258) from bitmap [2013/11/07 14:25:01.084250, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 258 [2013/11/07 14:25:01.084373, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:01.084509, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 258, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:01.084659, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:25:01.084960, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:01.085096, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:01.085181, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:01.085263, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:01.085377, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:01.085460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:01.085540, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:01.085620, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:01.085709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:01.085789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:01.085925, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:01.086045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:01.086166, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:01.109848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:01.110015, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:01.110121, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:01.110228, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:01.110313, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:01.110818, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:01.112222, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:01.112324, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:01.112492, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:01.112587, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:01.131756, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.131947, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.132106, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:01.132317, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:01.132480, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:01.132567, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:01.132721, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:01.132857, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:01.133410, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:01.133499, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:01.133590, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:01.133672, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:01.133753, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:01.133834, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:01.134110, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:01.134197, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:01.134284, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:01.134365, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:01.134450, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.134547, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:01.134683, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:01.134789, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:01.134880, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 D9 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.135035, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d9-0000-0000-7b52-ad947f2c0000 result : WERR_OK [2013/11/07 14:25:01.135415, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d9-0000-0000-7b52-ad947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:01.136471, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D9 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.136630, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:01.136786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:01.136872, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:01.136952, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:01.137056, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.137138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:01.137256, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:01.137419, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:01.137502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:01.137598, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.137678, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.137936, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.138234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.138377, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.138689, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:01.138778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:01.138864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.138944, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.139031, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.139111, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.139217, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.139319, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:01.139401, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:01.139486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:01.139620, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:01.139709, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.139787, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:01.139918, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:01.140002, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:01.140196, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:01.140277, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:01.140366, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.140491, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:01.140644, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:01.140729, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:01.140814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.140896, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.140984, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.141063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.141167, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.141270, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:01.141383, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:01.141469, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.141565, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.141687, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.141767, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.141901, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.142008, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:01.142094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:01.142178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:01.142262, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:01.142511, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:01.142607, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:01.142693, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:01.142781, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.142936, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 result : WERR_OK [2013/11/07 14:25:01.143337, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:01.143816, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.143992, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:01.144076, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.144201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:01.144287, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:01.144370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:01.144502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:01.144587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:01.144671, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:01.144756, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:01.144840, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:01.144925, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:01.145010, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:01.145095, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:01.145180, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:01.145265, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:01.145426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.145657, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:01.146677, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.147526, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.147676, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.147764, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:01.148781, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.149682, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.149831, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.149950, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:01.150747, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.151614, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.151763, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.151850, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:01.153634, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.154521, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.154673, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.154780, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:01.155785, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.177384, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.178794, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.179784, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:01.269383, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.283021, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.315575, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.316276, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:01.340382, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.385222, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.386998, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.387294, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:01.491549, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.494715, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.494949, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.495116, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:01.501032, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.502783, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.502977, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.503147, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:01.563420, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.578196, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.613557, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.613980, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:01.635605, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.645165, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.645500, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.645766, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:01.648914, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.650001, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.650180, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.650308, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:01.651366, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:01.660477, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.660782, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.660936, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:01.662371, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:01.663329, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.663517, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.663624, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:01.663720, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:01.663802, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:01.676584, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:01.677352, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:01.677442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:01.677530, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:01.677611, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:01.677768, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.677885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:01.678027, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:01.678135, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:01.678226, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 DB 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.678455, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001db-0000-0000-7b52-ad947f2c0000 result : WERR_OK [2013/11/07 14:25:01.678906, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001db-0000-0000-7b52-ad947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:01.680090, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DB 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.688617, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:01.688726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:01.688852, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:01.688939, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:01.689051, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.689130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:01.689364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:01.689477, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:01.689560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:01.689673, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.689755, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.689892, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.689973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.690086, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:01.690278, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:01.690364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:01.690448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.690529, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.690636, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.690717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.690866, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:01.691031, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:01.691116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:01.691201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:01.691280, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:01.691367, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.691487, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:01.691621, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:01.691706, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:01.691863, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:01.691947, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:01.692037, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.692116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:01.692231, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:01.692315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:01.700479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.700618, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.700743, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.700870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.701060, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:01.701181, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:01.701267, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:01.701413, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.701520, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.701610, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:01.701690, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.701849, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.702015, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:01.702106, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:01.702191, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:01.702321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:01.702408, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:01.702492, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:01.702578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:01.702668, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 DC 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.702854, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001dc-0000-0000-7b52-ad947f2c0000 result : WERR_OK [2013/11/07 14:25:01.703296, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001dc-0000-0000-7b52-ad947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:01.704208, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.704361, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.712580, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:01.712710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:01.712800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.712999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:01.713090, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:01.713174, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:01.713258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:01.713416, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:01.713503, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:01.713587, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:01.713672, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:01.713757, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:01.713874, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:01.713960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:01.714069, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:01.714155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:01.714245, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:01.714851, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001dc-0000-0000-7b52-ad947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:01.715796, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.715998, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:01.716081, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:01.716195, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:01.757652, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001dc-0000-0000-7b52-ad947f2c0000 [2013/11/07 14:25:01.757963, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.758121, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DC 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.758271, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:01.758367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:01.758452, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:01.758793, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001db-0000-0000-7b52-ad947f2c0000 [2013/11/07 14:25:01.759076, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DB 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.759226, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DB 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.759373, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:01.759473, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:01.759556, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:01.759898, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001da-0000-0000-7b52-ad947f2c0000 [2013/11/07 14:25:01.760179, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.760329, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DA 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.768639, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:01.768761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:01.768855, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:01.769252, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001d9-0000-0000-7b52-ad947f2c0000 [2013/11/07 14:25:01.769579, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D9 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.769733, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 D9 01 00 00 00 00 00 00 7B 52 AD 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:01.769883, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:01.769965, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:01.770102, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:01.770446, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:01.770698, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:01.806937, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:01.807089, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:01.807179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:01.807697, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:01.807783, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:01.807868, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:01.807953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:01.808053, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x0000000f (15) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:01.884714, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:25:01.884937, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:25:01.885071, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:01.885167, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:25:01.885254, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:01.885435, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/259/127 [2013/11/07 14:25:01.885906, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:01.886111, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 259 (position 259) from bitmap [2013/11/07 14:25:01.886200, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 259 [2013/11/07 14:25:01.886457, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:01.886556, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 259, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:01.886640, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 736039724 [2013/11/07 14:25:01.886757, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:01.886839, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:01.886923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:01.887026, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:01.887109, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:01.887192, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:01.887551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:01.888216, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:01.896582, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:01.896723, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:01.896807, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:01.896941, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:01.897043, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:01.970325, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:01.970435, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:01.970537, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:01.970630, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:01.970714, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:01.971207, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:01.971560, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:01.971650, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:01.971736, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:01.971858, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001af-0000-0000-7b52-ab947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:02.083785, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.084011, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.084162, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:02.084367, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:02.092606, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:02.092710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:02.092870, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:02.093000, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:02.093545, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:02.093633, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:02.093724, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:02.093807, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:02.093888, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:02.093968, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:02.094301, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:02.094463, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:02.094552, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:02.094633, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:02.094719, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.094798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:02.094935, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:02.095040, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:02.095131, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 DD 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.095412, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001dd-0000-0000-7b52-ae947f2c0000 result : WERR_OK [2013/11/07 14:25:02.095940, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001dd-0000-0000-7b52-ae947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:02.102868, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DD 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.103078, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:02.103165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:02.103253, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:02.103333, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:02.103425, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.103507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:02.103670, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:02.103779, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:02.103863, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:02.103971, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.104051, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.104136, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.104214, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.104327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.112605, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:02.112750, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:02.112841, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.112922, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.113035, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.113116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.113234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.113405, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:02.113488, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:02.113573, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.113653, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.113760, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.113839, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.113991, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:02.114075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:02.114160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.114240, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.114355, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.114434, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.114546, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:02.114649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:02.114735, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.114816, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.114924, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.121121, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.121347, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.121488, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:02.121574, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:02.121661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.121769, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.121866, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.121946, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.122103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.122213, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:02.122301, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:02.122409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:02.122505, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:02.122729, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:02.122816, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:02.122901, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:02.122992, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.123173, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 result : WERR_OK [2013/11/07 14:25:02.123803, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:02.124372, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.132834, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:02.132940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.133215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:02.133338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:02.133424, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:02.133509, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:02.133594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:02.133679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:02.133815, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:02.133901, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:02.133997, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:02.134084, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:02.134170, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:02.134297, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:02.134414, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:02.134506, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.134626, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:02.135677, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.144794, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.145070, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.145181, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.146366, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.147490, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.147707, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.147820, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:02.152589, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.153511, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.153666, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.153760, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:02.154964, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.155994, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.156146, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.156239, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.161387, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.162541, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.162707, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.162809, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:02.169556, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.170593, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.170747, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.170848, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:02.172351, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.180506, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.180707, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.180809, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:02.182341, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.183201, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.183378, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.183464, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.184339, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.197407, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.197573, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.197673, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:02.229820, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.230789, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.230970, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.231070, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:02.240906, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.241999, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.242201, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.242361, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.244023, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.253215, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.253421, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.253530, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.254608, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.255586, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.255736, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.255829, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.265079, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:02.266039, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.266216, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.266300, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:02.266396, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:02.266477, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:02.266989, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:02.267524, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:02.267608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:02.267694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:02.267775, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:02.267881, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.267960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:02.268105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:02.268238, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:02.268326, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 DF 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.276623, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001df-0000-0000-7b52-ae947f2c0000 result : WERR_OK [2013/11/07 14:25:02.277121, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001df-0000-0000-7b52-ae947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:02.278323, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DF 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.278486, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:02.278572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:02.278659, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:02.278740, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:02.278827, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.278905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:02.279070, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:02.279178, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:02.279367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:02.279453, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.279532, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.279616, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.279694, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.279847, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.279973, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:02.280057, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:02.280141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.280221, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.280305, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.288452, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.288725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.288844, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:02.288929, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:02.289097, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.289182, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.289336, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.289420, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.289558, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:02.289713, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:02.289800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.289882, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.289971, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.290050, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.290390, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:02.290483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:02.290569, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.290698, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.290809, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.290888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.291021, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.291130, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:02.291214, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:02.291300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.291380, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.291509, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.291590, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.291708, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.291810, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:02.291897, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:02.291981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:02.292110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:02.292194, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:02.292278, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:02.292363, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:02.300667, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 E0 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.300844, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e0-0000-0000-7b52-ae947f2c0000 result : WERR_OK [2013/11/07 14:25:02.301342, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e0-0000-0000-7b52-ae947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:02.302334, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E0 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.302491, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.308650, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:02.308741, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:02.308828, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.308978, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:02.309067, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:02.309151, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:02.309235, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:02.309339, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:02.309534, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:02.309622, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:02.309707, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:02.309793, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:02.309893, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:02.309979, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:02.310065, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:02.310150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:02.310357, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:02.310949, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e0-0000-0000-7b52-ae947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:02.311857, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E0 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.312012, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.312155, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:02.312249, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:02.356974, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e0-0000-0000-7b52-ae947f2c0000 [2013/11/07 14:25:02.357302, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E0 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.357463, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E0 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.357614, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:02.357709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:02.357794, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:02.358135, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001df-0000-0000-7b52-ae947f2c0000 [2013/11/07 14:25:02.358417, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DF 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.358593, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DF 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.358741, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:02.358825, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:02.358908, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:02.359247, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001de-0000-0000-7b52-ae947f2c0000 [2013/11/07 14:25:02.359528, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.359681, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DE 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.359832, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:02.359925, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:02.360008, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:02.360342, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001dd-0000-0000-7b52-ae947f2c0000 [2013/11/07 14:25:02.369424, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DD 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.369712, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 DD 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.369866, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:02.369952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:02.370072, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:02.370472, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:02.371031, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:02.510312, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:02.510462, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:02.510552, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:02.511068, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:02.511153, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:02.511238, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:02.511323, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:02.511422, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:02.602431, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:25:02.602606, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:25:02.602720, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:02.602817, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:25:02.602902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:02.602991, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/260/127 [2013/11/07 14:25:02.603346, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:02.603478, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 260 (position 260) from bitmap [2013/11/07 14:25:02.603564, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 260 [2013/11/07 14:25:02.603709, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:02.603869, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 260, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:02.603953, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:25:02.604045, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:02.604127, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:02.604211, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:02.604350, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:02.608550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:02.608701, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:02.608787, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:02.608868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:02.608957, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:02.609037, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:02.609116, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:02.609202, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:02.609380, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000010 (16) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:02.673572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:02.673676, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:02.673779, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:02.673873, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:02.673958, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:02.674445, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:02.674828, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:02.674919, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:02.675005, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:02.675100, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:02.710978, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.711159, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.711309, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:02.711511, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:02.711610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:02.711693, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:02.711846, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:02.711967, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:02.720575, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:02.720676, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:02.720770, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:02.720875, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:02.720957, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:02.721038, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:02.721344, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:02.721431, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:02.721518, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:02.721598, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:02.721682, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.721761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:02.721895, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:02.722000, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:02.722089, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 E1 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.722245, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e1-0000-0000-7b52-ae947f2c0000 result : WERR_OK [2013/11/07 14:25:02.722628, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e1-0000-0000-7b52-ae947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:02.723650, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E1 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.723806, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:02.723888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:02.723972, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:02.724051, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:02.724136, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.724217, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:02.724331, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:02.728531, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:02.728630, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:02.728717, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.728798, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.728884, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.728962, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.729075, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.729175, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:02.729258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:02.729371, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.729470, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.729555, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.729633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.729737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.729837, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:02.729918, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:02.730071, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.730155, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.730240, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.730318, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.730444, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:02.730526, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:02.730610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.730689, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.730778, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.730856, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.730964, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:02.731045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:02.731129, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.731223, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.731310, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.731388, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.731492, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.731594, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:02.731676, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:02.731760, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.731840, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.731927, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.732005, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.732132, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.732237, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:02.732322, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:02.736470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:02.736578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:02.736663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:02.736746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:02.736829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:02.736917, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.737093, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 result : WERR_OK [2013/11/07 14:25:02.737504, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:02.737980, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.738138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:02.738222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.738349, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:02.738435, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:02.738518, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:02.738602, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:02.738685, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:02.738769, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:02.738853, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:02.738937, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:02.739035, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:02.739120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:02.739205, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:02.739289, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:02.739373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:02.739458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.739565, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:02.744665, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.745566, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.745744, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.746028, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.747909, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.752856, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.753017, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.753110, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:02.753954, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.754903, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.755053, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.755144, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:02.757449, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.758321, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.758470, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.758560, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.759427, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.760265, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.764504, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.764610, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:02.766845, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.767708, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.767858, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.767945, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:02.773665, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.774554, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.774707, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.774796, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:02.776205, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.781189, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.781395, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.781491, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.782385, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.783236, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.783385, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.783488, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:02.806096, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.808731, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.808892, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.808988, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:02.810527, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.811406, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.811555, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.811641, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.816640, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.817551, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.817703, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.817797, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.818690, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:02.819541, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.819689, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.819775, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:02.824887, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:02.825721, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.825878, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.825962, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:02.826054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:02.826134, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:02.826595, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:02.827101, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:02.827184, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:02.827283, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:02.827364, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:02.827449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.827527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:02.827653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:02.827759, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:02.827846, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 E3 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.827998, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e3-0000-0000-7b52-ae947f2c0000 result : WERR_OK [2013/11/07 14:25:02.828344, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e3-0000-0000-7b52-ae947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:02.837493, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E3 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.837666, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:02.837752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:02.837864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:02.837945, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:02.838032, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.838111, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:02.838242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:02.838350, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:02.838432, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:02.838516, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.838596, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.838680, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.838758, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.838865, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:02.838966, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:02.839049, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:02.839132, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.839212, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.839296, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.839376, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.839478, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:02.839580, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:02.839676, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:02.839760, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.839839, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.839925, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.840004, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:02.840131, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:02.840215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:02.840300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.840380, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.840507, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.840586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:02.840696, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:02.840778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:02.840863, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.840944, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.841032, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.841110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.841214, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:02.841441, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:02.841539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:02.841625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.841704, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.841791, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:02.841869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.841982, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.842084, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:02.842169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:02.842253, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:02.842336, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:02.842419, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:02.842502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:02.842584, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:02.842670, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 E4 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.842821, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e4-0000-0000-7b52-ae947f2c0000 result : WERR_OK [2013/11/07 14:25:02.843219, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e4-0000-0000-7b52-ae947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:02.844008, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E4 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.844158, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.844239, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:02.844321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:02.848471, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.848625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:02.848714, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:02.848799, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:02.848884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:02.848969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:02.849054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:02.849138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:02.849222, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:02.849335, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:02.849442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:02.849527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:02.849613, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:02.849697, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:02.849787, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:02.850276, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e4-0000-0000-7b52-ae947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:02.851093, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E4 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.851245, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:02.851326, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:02.851415, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:02.877127, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e4-0000-0000-7b52-ae947f2c0000 [2013/11/07 14:25:02.877474, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E4 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.877632, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E4 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.877783, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:02.877876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:02.877960, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:02.878321, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e3-0000-0000-7b52-ae947f2c0000 [2013/11/07 14:25:02.878602, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E3 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.878750, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E3 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.878896, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:02.878980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:02.879062, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:02.879400, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e2-0000-0000-7b52-ae947f2c0000 [2013/11/07 14:25:02.879681, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.879831, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E2 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.879980, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:02.880071, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:02.880154, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:02.884667, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e1-0000-0000-7b52-ae947f2c0000 [2013/11/07 14:25:02.884967, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E1 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.885123, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E1 01 00 00 00 00 00 00 7B 52 AE 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:02.885296, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:02.885381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:02.885485, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:02.885829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:02.886069, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:02.908336, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:02.908518, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:02.908608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:02.909122, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:02.909207, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:02.909313, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:02.909420, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:02.909522, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000010 (16) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:02.948611, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:25:02.948783, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:25:02.948866, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:02.948961, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:25:02.949045, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:02.949133, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/261/127 [2013/11/07 14:25:02.949456, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:02.949567, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 261 (position 261) from bitmap [2013/11/07 14:25:02.949652, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 261 [2013/11/07 14:25:02.949761, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:02.949856, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 261, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:02.949939, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 736039724 [2013/11/07 14:25:02.950030, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:02.950111, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:02.950213, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:02.950295, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:02.950377, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:02.950460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:02.950539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:02.950682, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:02.950769, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:02.950848, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:02.950927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:02.951012, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:02.951109, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:02.992957, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:02.993064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:02.993166, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:02.993260, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:02.993385, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:02.993874, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:02.994226, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:02.994315, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:02.994402, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:02.994494, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001af-0000-0000-7b52-ab947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:03.026529, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.026702, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.026852, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:03.027045, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:03.027144, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:03.027228, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:03.027381, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:03.027501, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.028035, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:03.028123, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.028212, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:03.028296, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.028376, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:03.036549, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:03.036831, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.036921, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:03.037032, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:03.037113, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:03.037197, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.037303, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:03.037441, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:03.037547, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.037637, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 E5 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.037794, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e5-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.038180, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e5-0000-0000-7b52-af947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.039212, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E5 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.039367, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:03.039449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:03.039532, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:03.039611, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:03.039695, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.039774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:03.039886, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:03.039986, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:03.040068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:03.040151, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.040230, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.040313, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.044442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.044614, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.044723, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:03.044806, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:03.044891, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.044971, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.045057, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.045136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.045239, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.045369, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:03.045450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:03.045536, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.045615, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.045701, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.045779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.045903, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:03.045985, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:03.046070, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.046150, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.046238, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.046316, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.046437, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:03.046519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:03.046603, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.046683, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.046772, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.046851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.046953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.047056, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:03.047138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:03.047225, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.047305, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.047392, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.047470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.047599, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.047702, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.047787, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:03.047870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:03.047953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:03.048049, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:03.048131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:03.048215, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:03.048301, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.052532, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.052929, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:03.053428, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.053590, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:03.053675, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.053803, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:03.053889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:03.053973, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:03.054056, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:03.054141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:03.054248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:03.054332, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:03.054417, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:03.054502, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:03.054586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:03.054671, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:03.054755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:03.054840, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:03.054925, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.055033, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:03.056021, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.057098, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.057255, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.060476, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.061452, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.062301, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.062453, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.062562, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:03.063356, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.064199, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.064349, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.068599, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:03.069746, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.070599, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.070752, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.070839, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.071700, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.075626, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.075783, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.075877, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:03.078242, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.079099, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.079253, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.079342, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:03.080883, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.081756, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.081906, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.081994, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:03.083430, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.084286, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.084530, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.084621, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.085536, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.086412, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.086561, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.086649, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:03.097401, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.098270, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.098420, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.098510, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:03.100018, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.100918, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.101068, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.101155, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.102085, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.103011, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.103164, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.103255, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.104220, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.105172, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.105341, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.105432, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.106376, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.107153, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.107303, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.107386, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.107564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:03.107650, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:03.108117, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.108668, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:03.108752, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:03.108838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:03.108919, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:03.109004, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.109083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:03.109211, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:03.109350, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.109440, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 E7 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.109594, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e7-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.109943, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e7-0000-0000-7b52-af947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.110963, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E7 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.111118, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:03.111200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:03.111284, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:03.111364, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:03.111449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.111529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:03.111639, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:03.111740, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:03.111822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:03.111907, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.111986, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.112071, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.112150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.112255, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.112356, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:03.112470, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:03.112556, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.112636, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.112734, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.112814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.112918, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.113019, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:03.113101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:03.113187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.113283, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.113371, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.113450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.113574, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:03.113658, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:03.113743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.113825, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.113913, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.113992, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.114101, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:03.114184, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:03.114269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.114350, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.114439, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.114532, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.114637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.114740, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:03.114822, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:03.114908, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.114989, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.115077, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.115156, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.115270, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.115373, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.115458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:03.115542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:03.115626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:03.115710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:03.115793, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:03.115876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:03.115962, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 E8 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.116166, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e8-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.116563, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e8-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.117350, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E8 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.117500, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.117582, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.117665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:03.117748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.117858, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:03.117943, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:03.118027, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:03.118111, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:03.118196, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:03.118281, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:03.118380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:03.118465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:03.118550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:03.118635, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:03.118720, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:03.118806, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:03.118891, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:03.118979, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:03.119436, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e8-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.120251, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E8 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.120425, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.120525, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.120613, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:03.131455, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e8-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.131750, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E8 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.131902, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E8 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.132065, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.132154, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:03.132238, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.132607, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e7-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.132888, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E7 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.133041, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E7 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.133192, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.133302, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:03.133387, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.133728, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e6-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.134007, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.134155, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E6 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.134302, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.134407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:03.134517, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.134857, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e5-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.135138, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E5 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.135309, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E5 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.135458, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.135550, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:03.135656, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.135999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:03.136224, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:03.147717, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:03.147840, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:03.147930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:03.148499, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:03.148584, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:03.148670, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:03.148754, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:03.148852, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000006 (6) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:03.167428, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:25:03.167551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:25:03.167635, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:03.167725, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:25:03.167810, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:03.167897, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/262/127 [2013/11/07 14:25:03.168145, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.168236, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 262 (position 262) from bitmap [2013/11/07 14:25:03.168322, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 262 [2013/11/07 14:25:03.168462, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.168574, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 262, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:03.168658, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3764318751 [2013/11/07 14:25:03.168792, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:03.168875, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:03.168958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:03.169040, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:03.169122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:03.169205, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:03.169303, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:03.169384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:03.169468, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:03.169548, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:03.169628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:03.169713, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:03.169804, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000011 (17) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.170823, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:03.170905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:03.170990, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.171083, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.171167, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:03.171698, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:03.172040, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:03.172126, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:03.172212, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:03.172298, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000017e-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:25:03.172640, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.172792, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.172941, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[5] [0000] 00 00 00 00 7E 01 00 00 00 00 00 00 7B 52 AA 94 ....~... ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.173089, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.173189, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.173533, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:03.173627, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:03.173712, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:03.174199, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:03.174282, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:03.174367, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:03.174450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:03.174544, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000011 (17) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:03.175482, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:03.175584, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:03.175678, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:03.175765, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:03.175848, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:03.175934, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/263/127 [2013/11/07 14:25:03.302339, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.302763, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 263 (position 263) from bitmap [2013/11/07 14:25:03.302985, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 263 [2013/11/07 14:25:03.303229, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.303458, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 3764318751 [2013/11/07 14:25:03.303689, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:03.303894, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:03.304112, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 1F280C1F [2013/11/07 14:25:03.304345, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb84643c8 [2013/11/07 14:25:03.304673, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 1F280C1F [2013/11/07 14:25:03.304882, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:03.305082, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:03.305362, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 3764318751 (5 used) [2013/11/07 14:25:03.305631, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:03.305849, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/264/127 [2013/11/07 14:25:03.322406, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.322835, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 264 (position 264) from bitmap [2013/11/07 14:25:03.323074, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 264 [2013/11/07 14:25:03.323323, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.323553, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:25:03.323785, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:03.323988, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:03.324204, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key B6BCAC32 [2013/11/07 14:25:03.324509, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb80a6720 [2013/11/07 14:25:03.324811, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:25:03.324927, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key 'B6BCAC32' stored [2013/11/07 14:25:03.325134, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xb6bcac32 (3065818162) open_persistent_id : 0x00000000b6bcac32 (3065818162) open_volatile_id : 0x000000000fea8bed (267029485) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:03 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:25:03.327783, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key B6BCAC32 [2013/11/07 14:25:03.327999, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:03.328202, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:03.328516, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:25:03.328629, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0xb6bcac32) stored [2013/11/07 14:25:03.328830, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x0fea8bed (267029485) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xb6bcac32 (3065818162) open_persistent_id : 0x00000000b6bcac32 (3065818162) open_volatile_id : 0x000000000fea8bed (267029485) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:03 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:25:03 2013 CET compat : NULL [2013/11/07 14:25:03.332857, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 267029485 (6 used) [2013/11/07 14:25:03.333086, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:25:03.333398, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:25:03.333493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 24 for pipe \spoolss [2013/11/07 14:25:03.333660, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:25:03.333747, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:25:03.333851, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 267029485 [2013/11/07 14:25:03.333966, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:25:03.334074, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/265/127 [2013/11/07 14:25:03.355881, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.356073, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 265 (position 265) from bitmap [2013/11/07 14:25:03.356161, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 265 [2013/11/07 14:25:03.356265, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.356358, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 265, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:03.356533, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 267029485 [2013/11/07 14:25:03.356626, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:25:03.356743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:25:03.356831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:25:03.356914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:03.357012, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:03.357091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:03.357170, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:25:03.357254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:03.357528, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:03.357760, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:25:03.357954, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:03.358478, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:03.363497, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:25:03.363673, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:03.363842, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:25:03.364030, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:25:03.364202, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:03.364368, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 25 for pipe \spoolss [2013/11/07 14:25:03.364672, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:03.367659, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:03.368843, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:25:03.369046, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/266/127 [2013/11/07 14:25:03.455202, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.455609, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 266 (position 266) from bitmap [2013/11/07 14:25:03.455829, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 266 [2013/11/07 14:25:03.456074, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.456298, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 266, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:03.456588, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 267029485 [2013/11/07 14:25:03.456814, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:03.457089, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:25:03.457358, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:03.458890, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:25:03.459106, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:25:03.459438, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/267/127 [2013/11/07 14:25:03.461511, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.461838, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 267 (position 267) from bitmap [2013/11/07 14:25:03.462052, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 267 [2013/11/07 14:25:03.462309, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.462528, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 267, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:03.462734, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 267029485 [2013/11/07 14:25:03.462951, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:25:03.463154, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:25:03.463359, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:25:03.463560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:25:03.463761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:03.463967, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:03.464210, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:03.464474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:25:03.464691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:03.464889, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:03.465088, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:25:03.465431, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:03.465531, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:25:03.467165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:03.467247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:03.467334, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.467426, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.467526, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:03.468010, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:03.468382, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:03.468537, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:25:03.468624, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:25:03.468721, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:25:03.469942, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:25:03.470033, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[6] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.470185, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:25:03.470318, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:25:03.470483, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:296(gencache_set_data_blob) Adding cache entry with key=[PRINTERNAME/sprinter1] and timeout=[Do Nov 7 14:30:03 2013 CET] (300 seconds ahead) set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:25:03.470664, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 6 printer handles active [2013/11/07 14:25:03.470747, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.470896, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.471042, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:03.471145, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:25:03.471364, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:25:03.471523, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:03.471618, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:03.471701, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:03.471839, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:03.471950, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.472509, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:03.472595, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.472683, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:03.472781, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.472861, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:03.472941, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:03.473182, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.473268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:03.473392, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:03.473472, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:03.473557, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.473636, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:03.473766, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:03.473870, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.473957, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 EA 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.474110, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ea-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.474472, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ea-0000-0000-7b52-af947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.475487, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EA 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.475642, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:03.475724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:03.475808, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:03.475887, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:03.475973, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.476054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:03.476168, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:03.476268, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:03.476351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:03.476481, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.476561, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.476645, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.476725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.476833, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.476934, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:03.477017, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:03.477101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.477194, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.477323, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.477405, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.477513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.477615, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:03.477697, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:03.477783, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.477862, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.477962, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.478042, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.478170, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:03.478253, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:03.478338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.478419, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.478507, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.478586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.478694, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:03.478786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:03.478872, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.478976, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.479067, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.479146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.479255, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.479359, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:03.479440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:03.479527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.479608, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.479695, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.479773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.479902, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.480007, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.480092, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:03.480176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:03.480259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:03.480342, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:03.480462, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:03.480546, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:03.480631, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 EB 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.480796, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001eb-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.481155, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001eb-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.481953, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EB 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.482102, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.482184, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.482267, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:03.482351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.482471, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:03.482557, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:03.482641, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:03.482726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:03.482825, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:03.482909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:03.482994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:03.483079, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:03.483164, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:03.483249, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:03.483334, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:03.483419, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:03.483504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:03.483592, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:03.484045, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001eb-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.484898, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EB 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.485066, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.485147, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.485236, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:03.495453, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001eb-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.495739, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EB 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.495903, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EB 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.496049, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.496136, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:03.496218, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.496614, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ea-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.496896, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EA 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.497047, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EA 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.497196, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.497312, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:03.497414, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.497748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:03.497840, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:25:03.497922, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:03.498002, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:03.498082, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:03.498176, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:03.498266, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:03.498346, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:03.498428, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:25:03.498512, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:25:03.498665, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:03.498760, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:03.498843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:03.498975, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:03.499078, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.499580, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:03.499665, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.499753, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:03.499835, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.499915, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:03.499995, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:03.500228, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.500313, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:03.500559, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:03.500642, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:03.500725, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.500804, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:03.500930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:03.501031, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.501119, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 EC 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.501275, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ec-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.501673, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ec-0000-0000-7b52-af947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.502672, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EC 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.502826, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:03.502924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:03.503009, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:03.503088, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:03.503171, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.503250, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:03.503361, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:03.503461, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:03.503544, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:03.503628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.503707, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.503791, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.503869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.503974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.504073, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:03.504155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:03.504241, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.504320, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.504441, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.504524, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.504628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.504728, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:03.504825, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:03.504909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.504989, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.505073, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.505152, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.505275, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:03.505383, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:03.505467, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.505548, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.505635, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.505714, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.505822, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:03.505904, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:03.505989, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.506070, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.506157, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.506236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.506339, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.506442, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:03.506539, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:03.506626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.506706, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.506793, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.506872, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.506998, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.507100, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.507185, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:03.507268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:03.507352, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:03.507435, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:03.507517, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:03.507600, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:03.507685, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 ED 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.507833, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ed-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.508170, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:25:03.508267, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ed-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.508597, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 ED 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.508748, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 ED 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.508898, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.508980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:03.509062, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.509503, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ec-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.509787, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EC 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.509935, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EC 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.510082, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.510165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:03.510262, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.510595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:03.510701, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e9-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.511031, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:03.511131, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:03.511217, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:03.511714, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:25:03.511797, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:03.511882, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:03.511967, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:03.512062, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:25:03.513048, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:25:03.513142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:03.513237, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:03.513366, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:03.513450, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:03.513537, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/268/127 [2013/11/07 14:25:03.531965, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.532330, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 268 (position 268) from bitmap [2013/11/07 14:25:03.532760, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 268 [2013/11/07 14:25:03.533006, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.533359, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 268, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:03.533575, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 267029485 [2013/11/07 14:25:03.533804, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:03.534007, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:03.534212, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:03.534460, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:03.534667, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:03.534875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:03.535073, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:03.535318, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:03.535535, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:03.535831, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:03.536034, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:03.536246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:03.536605, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:03.564564, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:03.564662, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:03.564782, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.564877, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.564962, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:03.565489, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:03.565842, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:03.565931, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:03.566017, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:03.566123, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e9-0000-0000-7b52-af947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:03.584935, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.585098, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.585334, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:03.585527, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:03.585668, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:03.585818, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:03.585976, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:03.586098, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.586639, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:03.586724, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.586813, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:03.586896, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.587042, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:03.587123, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:03.587383, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.587488, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:03.587575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:03.587655, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:03.587740, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.587819, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:03.587948, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:03.588052, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.588141, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 EE 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.588295, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ee-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.588731, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ee-0000-0000-7b52-af947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.589757, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EE 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.589914, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:03.590006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:03.590090, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:03.590169, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:03.590253, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.590332, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:03.590446, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:03.590586, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:03.590669, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:03.590753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.590832, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.590916, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.590996, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.591103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.591203, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:03.591286, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:03.591369, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.591449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.591533, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.591636, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.591743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.591858, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:03.591940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:03.592024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.592103, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.592189, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.592268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.592448, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:03.592536, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:03.592621, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.592701, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.592790, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.592869, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.592980, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:03.593062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:03.593148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.593228, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.593333, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.593434, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.593542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.593660, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:03.593744, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:03.593829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.593911, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.594001, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.594081, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.594235, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.594341, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.594426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:03.594509, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:03.594592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:03.594675, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:03.594757, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:03.594839, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:03.594923, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.595074, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.595449, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:03.595938, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.596120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:03.596204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.596349, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:03.596472, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:03.596556, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:03.596640, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:03.596725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:03.596809, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:03.596893, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:03.596978, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:03.597062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:03.597147, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:03.597232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:03.597347, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:03.597473, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:03.597562, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.597669, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:03.598686, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.599562, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.599712, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.599803, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.600806, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.601716, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.601865, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.601956, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:03.602911, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.603839, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.603988, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.604080, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:03.605185, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.606142, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.606292, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.606383, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.607322, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.608221, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.608369, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.608496, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:03.610906, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.611817, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.611970, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.612062, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:03.613644, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.614488, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.614651, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.614738, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:03.616177, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.617140, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.617319, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.617411, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.618285, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.619131, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.619306, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.619396, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:03.631115, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.632116, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.632271, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.632380, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:03.634112, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.634993, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.635143, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.635250, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.636152, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.637031, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.637180, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.637267, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.638197, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.639105, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.639254, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.639344, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.640318, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.641165, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.641331, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.641504, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.641596, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:03.641678, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:03.642150, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.642686, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:03.642769, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:03.642855, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:03.642936, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:03.643019, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.643099, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:03.643227, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:03.643346, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.643460, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 F0 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.643614, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f0-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.643965, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f0-0000-0000-7b52-af947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.645030, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F0 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.645189, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:03.645321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:03.645406, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:03.645486, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:03.645570, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.645649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:03.645779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:03.645880, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:03.645963, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:03.646048, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.646127, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.646211, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.646290, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.646396, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.646524, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:03.646608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:03.646692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.646771, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.646856, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.646958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.647064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.647189, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:03.647272, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:03.647357, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.647436, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.647522, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.647615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.647738, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:03.647868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:03.647956, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.648037, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.648125, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.648204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.648317, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:03.648426, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:03.648515, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.648596, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.648709, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.648789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.648897, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.649001, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:03.649083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:03.649170, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.649251, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.649357, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.649476, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.649594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.649696, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.649781, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:03.649864, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:03.649948, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:03.650031, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:03.650114, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:03.650197, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:03.650281, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 F1 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.650456, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f1-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.650814, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f1-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.651619, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F1 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.651787, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.651869, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.651951, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:03.652035, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.652146, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:03.652231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:03.652315, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:03.652454, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:03.652540, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:03.652625, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:03.652710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:03.652795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:03.652880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:03.652965, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:03.653050, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:03.653160, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:03.653246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:03.653365, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:03.653824, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f1-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.654665, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F1 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.654817, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.654899, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.654987, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:03.665897, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f1-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.666216, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F1 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.666370, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F1 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.666519, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.666608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:03.666713, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.667076, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f0-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.667368, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F0 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.667535, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F0 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.667704, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.667786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:03.667877, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.668244, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ef-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.669004, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.669164, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EF 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.669365, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.669496, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:03.669582, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.669964, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ee-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.670247, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EE 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.670417, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 EE 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.670594, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.670678, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:03.670787, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.671153, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:03.671400, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:03.683546, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:03.683701, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:03.683795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:03.684320, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:03.684473, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:03.684573, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:03.684658, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:03.684758, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:03.703493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2013/11/07 14:25:03.703583, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK [2013/11/07 14:25:03.703688, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW [2013/11/07 14:25:03.703783, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:03.703880, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/269/127 [2013/11/07 14:25:03.708937, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.709336, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 269 (position 269) from bitmap [2013/11/07 14:25:03.709728, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 269 [2013/11/07 14:25:03.710242, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.716543, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 269, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:03.716852, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 267029485 [2013/11/07 14:25:03.717433, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 3112 [2013/11/07 14:25:03.718072, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. [2013/11/07 14:25:03.718351, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:03.719647, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 3112 bytes. There is more data outstanding [2013/11/07 14:25:03.719860, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:3112] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:25:03.720124, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/270/127 [2013/11/07 14:25:03.725506, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.725786, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 270 (position 270) from bitmap [2013/11/07 14:25:03.726001, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 270 [2013/11/07 14:25:03.726238, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.726460, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 270, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:03.726666, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 267029485 [2013/11/07 14:25:03.726884, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 4156 [2013/11/07 14:25:03.727087, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 4156 [2013/11/07 14:25:03.727292, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4156 [2013/11/07 14:25:03.727494, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 [2013/11/07 14:25:03.727697, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:03.727903, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:03.728101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:03.728299, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 [2013/11/07 14:25:03.730273, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:03.730362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 4140 [2013/11/07 14:25:03.730443, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 [2013/11/07 14:25:03.730530, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:03.730755, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x103c (4156) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00001024 (4132) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4132 [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 02 00 00 00 00 00 02 00 00 10 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [1020] 00 10 00 00 .... [2013/11/07 14:25:03.760851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:03.760949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:03.761049, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.761142, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.761226, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:03.761726, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:03.762078, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:03.762166, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2013/11/07 14:25:03.762252, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[8].fn == 0xb766e000 [2013/11/07 14:25:03.762344, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e9-0000-0000-7b52-af947f2c0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=4096 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00001000 (4096) [2013/11/07 14:25:03.780374, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.780575, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.780723, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:03.780908, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:03.781005, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:03.781088, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:03.781233, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:03.781382, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.781890, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:03.781975, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.782063, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:03.782145, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:03.782226, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:03.782306, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:03.782561, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.782647, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:03.782734, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:03.782814, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:03.782915, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.782994, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:03.783123, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:03.783227, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.783317, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 F2 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.783471, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f2-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.783834, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f2-0000-0000-7b52-af947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.784933, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F2 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.785090, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:03.785173, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:03.785257, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:03.785378, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:03.785463, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.785542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:03.785657, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:03.785759, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:03.785842, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:03.785926, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.786005, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.786089, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.786169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.786276, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.786376, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:03.786459, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:03.786543, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.786623, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.786707, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.786786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.786888, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.786989, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:03.787071, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:03.787155, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.787248, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.787333, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.787412, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.787537, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:03.787620, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:03.787704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.787785, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.787873, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.787952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.788059, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:03.788141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:03.788227, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.788307, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.788424, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.788507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.788611, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.788715, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:03.788798, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:03.788884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.788979, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.789069, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.789149, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.789312, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.789424, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.789510, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:03.789594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:03.789677, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:03.789760, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:03.789843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:03.789926, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:03.790011, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.790162, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.790514, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2013/11/07 14:25:03.791003, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.791159, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:03.791243, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.791362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:03.791448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:03.791531, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:03.791615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:03.791699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:03.791784, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:03.791868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:03.791953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:03.792038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:03.792123, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:03.792208, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:03.792294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:03.792379, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:03.792499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.792606, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x0000000d (13) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2013/11/07 14:25:03.793634, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.794488, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.794638, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.794726, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.795617, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.796518, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.796668, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.796755, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2013/11/07 14:25:03.797581, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.798441, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.798590, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.798676, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2013/11/07 14:25:03.799704, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.800581, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.800730, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.800830, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.801742, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.802593, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.802742, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.802828, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2013/11/07 14:25:03.805066, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.805947, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.806100, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.806200, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:03.807724, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.808597, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.808747, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.808846, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2013/11/07 14:25:03.810357, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.811207, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.811355, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.811442, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.812327, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.813201, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.813382, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.813473, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:03.823950, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.824825, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.824973, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.825061, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(20) [0] : 0x73 (115) [1] : 0x00 (0) [2] : 0x70 (112) [3] : 0x00 (0) [4] : 0x72 (114) [5] : 0x00 (0) [6] : 0x69 (105) [7] : 0x00 (0) [8] : 0x6e (110) [9] : 0x00 (0) [10] : 0x74 (116) [11] : 0x00 (0) [12] : 0x65 (101) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x31 (49) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) size : * size : 0x00000014 (20) length : * length : 0x00000014 (20) result : WERR_OK [2013/11/07 14:25:03.826649, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.827498, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.827646, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.827732, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.828645, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.829506, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.829655, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.829741, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.830610, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2013/11/07 14:25:03.831479, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.831627, 8, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:453(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.831713, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x33 (51) [1] : 0xac (172) [2] : 0x0e (14) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2013/11/07 14:25:03.832708, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.833590, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.833756, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.833838, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.833927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:316(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2013/11/07 14:25:03.834008, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2013/11/07 14:25:03.834471, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.834979, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:03.835062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:03.835148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:03.835228, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:03.835312, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.835391, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:03.835513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:03.835616, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.835704, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 F4 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.835870, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f4-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.836214, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f4-0000-0000-7b52-af947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:03.837255, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F4 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.837444, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:03.837527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:03.837610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:03.837690, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:03.837773, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.837852, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:03.837962, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:03.838063, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:03.838145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:03.838245, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.838325, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.838408, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.838487, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.838592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:03.838691, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:03.838773, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:03.838856, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.838936, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.839020, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.839099, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.839200, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:03.839300, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:03.839381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:03.839465, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.839545, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.839630, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.839708, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:03.839831, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:03.839914, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:03.840012, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.840093, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.840181, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.840260, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:03.840367, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:03.840479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (8->9) [2013/11/07 14:25:03.840565, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.840645, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.840734, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.840813, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.840917, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:03.841020, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:03.841102, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (9->10) [2013/11/07 14:25:03.841188, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.841269, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.841368, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:03.841448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.841561, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.841676, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:03.841762, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (10->9) [2013/11/07 14:25:03.841845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (9->8) [2013/11/07 14:25:03.841928, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:03.842011, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:03.842093, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:03.842176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:03.842259, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 F5 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.842409, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f5-0000-0000-7b52-af947f2c0000 result : WERR_OK [2013/11/07 14:25:03.842761, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f5-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.843536, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F5 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.843689, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.843784, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.843867, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:03.843950, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.844058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:03.844141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:03.844225, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:03.844309, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:03.844419, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:03.844507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:03.844591, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:03.844676, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:03.844760, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:03.844845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:03.844930, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:03.845015, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:03.845101, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:03.845188, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:03.845668, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f5-0000-0000-7b52-af947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:03.846528, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F5 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.846681, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:03.846764, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:03.846852, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:03.857138, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f5-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.857434, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F5 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.857586, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F5 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.857736, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.857823, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:03.857906, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.858242, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f4-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.858523, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F4 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.858674, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F4 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.858824, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.858921, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:03.859003, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.859341, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f3-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.859790, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.859944, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F3 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.860096, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.860185, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:03.860270, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.860686, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f2-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.860968, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F2 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.861119, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F2 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.861268, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.861378, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:03.861501, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.861842, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:03.862063, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\SLAVER' printername : * printername : '\\SLAVER\sprinter1' sharename : * sharename : 'sprinter1' portname : * portname : 'Samba Printer Port' drivername : * drivername : '' comment : * comment : '' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\SLAVER\sprinter1' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-1094127309-486540266-3527182606-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x000002f0 (752) result : WERR_OK [2013/11/07 14:25:03.873423, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:03.873543, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:03.873636, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 4140 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 4156 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:03.874137, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 4156 [2013/11/07 14:25:03.874222, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:03.874307, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:03.874391, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. [2013/11/07 14:25:03.874489, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x1028 (4136) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00001010 (4112) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=4112 [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 C8 0F 00 00 ........ ........ [0010] B4 0F 00 00 8E 0F 00 00 8C 0F 00 00 8A 0F 00 00 ........ ........ [0020] 88 0F 00 00 8C 0E 00 00 86 0F 00 00 74 0F 00 00 ........ ....t... [0030] 6C 0F 00 00 6A 0F 00 00 94 0D 00 00 48 10 00 00 l...j... ....H... [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 01 00 04 80 ........ ........ [0DA0] D8 00 00 00 E8 00 00 00 00 00 00 00 14 00 00 00 ........ ........ [0DB0] 02 00 C4 00 07 00 00 00 00 02 14 00 08 00 02 20 ........ ....... [0DC0] 01 01 00 00 00 00 00 01 00 00 00 00 00 09 24 00 ........ ......$. [0DD0] 0C 00 0F 10 01 05 00 00 00 00 00 05 15 00 00 00 ........ ........ [0DE0] CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 00 02 00 00 ..7A.... ..<..... [0DF0] 00 02 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ [0E00] 15 00 00 00 CD 0E 37 41 EA 03 00 1D 0E 89 3C D2 ......7A ......<. [0E10] 00 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ........ ........ [0E20] 00 00 00 05 20 00 00 00 20 02 00 00 00 02 18 00 .... ... ....... [0E30] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E40] 20 02 00 00 00 09 18 00 0C 00 0F 10 01 02 00 00 ....... ........ [0E50] 00 00 00 05 20 00 00 00 26 02 00 00 00 02 18 00 .... ... &....... [0E60] 0C 00 0F 10 01 02 00 00 00 00 00 05 20 00 00 00 ........ .... ... [0E70] 26 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 &....... .... ... [0E80] 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 ....... .... ... [0E90] 20 02 00 00 5C 00 5C 00 53 00 4C 00 41 00 56 00 ...\.\. S.L.A.V. [0EA0] 45 00 52 00 5C 00 73 00 70 00 72 00 69 00 6E 00 E.R.\.s. p.r.i.n. [0EB0] 74 00 65 00 72 00 31 00 00 00 00 00 00 00 00 00 t.e.r.1. ........ [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0ED0] 00 00 00 00 01 04 00 04 DC 00 00 00 13 47 01 00 ........ .....G.. [0EE0] 01 00 01 00 00 00 00 00 64 00 01 00 0F 00 FC FF ........ d....... [0EF0] 01 00 01 00 00 00 03 00 00 00 4C 00 65 00 74 00 ........ ..L.e.t. [0F00] 74 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 t.e.r... ........ [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0F70] 00 00 00 00 52 00 41 00 57 00 00 00 77 00 69 00 ....R.A. W...w.i. [0F80] 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 00 00 n.p.r.i. n.t..... [0F90] 00 00 00 00 00 00 53 00 61 00 6D 00 62 00 61 00 ......S. a.m.b.a. [0FA0] 20 00 50 00 72 00 69 00 6E 00 74 00 65 00 72 00 .P.r.i. n.t.e.r. [0FB0] 20 00 50 00 6F 00 72 00 74 00 00 00 73 00 70 00 .P.o.r. t...s.p. [0FC0] 72 00 69 00 6E 00 74 00 65 00 72 00 31 00 00 00 r.i.n.t. e.r.1... [0FD0] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0FE0] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0FF0] 72 00 31 00 00 00 5C 00 5C 00 53 00 4C 00 41 00 r.1...\. \.S.L.A. [1000] 56 00 45 00 52 00 00 00 F0 02 00 00 00 00 00 00 V.E.R... ........ [2013/11/07 14:25:03.891827, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 1258 [2013/11/07 14:25:03.891958, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 4136 bytes. There is no more data outstanding [2013/11/07 14:25:03.892042, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 4136 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:03.892132, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 4136 status NT_STATUS_OK [2013/11/07 14:25:03.892215, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:4136] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:03.892303, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/271/127 [2013/11/07 14:25:03.915172, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.915435, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 271 (position 271) from bitmap [2013/11/07 14:25:03.915561, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 271 [2013/11/07 14:25:03.915678, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.915777, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 271, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:03.915861, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 267029485 [2013/11/07 14:25:03.915953, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:03.916035, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:03.916118, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:03.916198, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:03.916472, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:03.916732, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:03.916814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:03.916894, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:03.917000, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:03.917081, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:03.917161, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:03.918571, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:03.918694, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.920908, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:03.921004, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:03.921092, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.921189, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:03.922391, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:03.922920, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:03.923671, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:03.923778, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:03.923885, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:03.923973, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001e9-0000-0000-7b52-af947f2c0000 [2013/11/07 14:25:03.925464, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.926472, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.926667, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 E9 01 00 00 00 00 00 00 7B 52 AF 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:03.926818, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:03.926903, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:03.927242, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:03.928476, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:03.928610, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:03.929125, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:03.929209, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:03.930377, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:03.930469, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:03.930621, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:03.931871, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:03.931990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:03.932072, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:03.932160, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:03.932244, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:03.934339, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/272/127 [2013/11/07 14:25:03.936052, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.936167, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 272 (position 272) from bitmap [2013/11/07 14:25:03.936322, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 272 [2013/11/07 14:25:03.936580, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.936683, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 267029485 [2013/11/07 14:25:03.936784, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:03.937111, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:03.937598, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key B6BCAC32 [2013/11/07 14:25:03.937704, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7c1d250 [2013/11/07 14:25:03.937802, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key B6BCAC32 [2013/11/07 14:25:03.937885, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:03.937965, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:03.938077, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 267029485 (5 used) [2013/11/07 14:25:03.938194, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:03.938399, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/273/127 [2013/11/07 14:25:03.992916, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:03.993431, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 273 (position 273) from bitmap [2013/11/07 14:25:03.993653, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 273 [2013/11/07 14:25:03.993939, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:03.994173, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:25:03.994410, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:03.994614, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:03.994830, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 1915BB6F [2013/11/07 14:25:03.995062, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb8217000 [2013/11/07 14:25:03.995358, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:25:03.995491, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '1915BB6F' stored [2013/11/07 14:25:03.995696, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x1915bb6f (420854639) open_persistent_id : 0x000000001915bb6f (420854639) open_volatile_id : 0x00000000c0c309a5 (3234007461) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:25:04.000185, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 1915BB6F [2013/11/07 14:25:04.000502, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.001343, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.001570, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:25:04.001684, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x1915bb6f) stored [2013/11/07 14:25:04.001886, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0xc0c309a5 (3234007461) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x1915bb6f (420854639) open_persistent_id : 0x000000001915bb6f (420854639) open_volatile_id : 0x00000000c0c309a5 (3234007461) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:25:04 2013 CET compat : NULL [2013/11/07 14:25:04.006082, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 3234007461 (6 used) [2013/11/07 14:25:04.006179, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:25:04.006301, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:25:04.006428, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 25 for pipe \spoolss [2013/11/07 14:25:04.006640, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:25:04.006728, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:25:04.006875, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 3234007461 [2013/11/07 14:25:04.007001, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:25:04.007091, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/274/127 [2013/11/07 14:25:04.008543, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.008697, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 274 (position 274) from bitmap [2013/11/07 14:25:04.008818, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 274 [2013/11/07 14:25:04.008991, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.009118, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 274, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.009302, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 3234007461 [2013/11/07 14:25:04.009432, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:25:04.009546, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:25:04.009629, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:25:04.009727, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.009845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.009983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.010103, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:25:04.010198, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.010321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.010408, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:25:04.010492, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.010595, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.012787, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:25:04.012873, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.012957, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:25:04.013038, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:25:04.013124, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.013207, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 26 for pipe \spoolss [2013/11/07 14:25:04.013331, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.014545, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.015059, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:25:04.015149, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/275/127 [2013/11/07 14:25:04.016332, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.016494, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 275 (position 275) from bitmap [2013/11/07 14:25:04.016631, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 275 [2013/11/07 14:25:04.016735, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.016827, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 275, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.016909, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 3234007461 [2013/11/07 14:25:04.016999, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.017085, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:25:04.017171, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.017707, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:25:04.017792, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:25:04.017877, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/276/127 [2013/11/07 14:25:04.018881, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.018994, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 276 (position 276) from bitmap [2013/11/07 14:25:04.019123, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 276 [2013/11/07 14:25:04.019241, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.019330, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 276, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.019413, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3234007461 [2013/11/07 14:25:04.019500, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:25:04.019582, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:25:04.019663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:25:04.019778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:25:04.019861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.019943, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.020022, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.020148, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:25:04.020232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.020311, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.020421, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:25:04.020508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.020600, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:25:04.022327, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.022409, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.022495, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.022589, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.022674, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.023164, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.023512, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.023598, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:25:04.023684, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:25:04.023783, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:25:04.025585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:25:04.025684, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[6] [0000] 00 00 00 00 F6 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.025837, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:25:04.025956, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:25:04.026122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:25:04.026240, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 6 printer handles active [2013/11/07 14:25:04.026321, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F6 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.026472, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F6 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.026621, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:04.026729, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:25:04.026953, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:25:04.027117, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.027231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.027314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.027448, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.027559, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.028064, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.028150, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.028238, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.028320, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.028445, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.028530, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.028780, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.028865, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.028953, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.029034, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.029119, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.029199, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.029368, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.029475, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.029577, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 F7 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.029729, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f7-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.030095, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f7-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.031099, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F7 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.031256, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.031338, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.031422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.031502, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.031586, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.031665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.031778, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.031879, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.031976, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.032061, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.032140, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.032225, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.032304, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.032451, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.032557, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.032640, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.032724, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.032804, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.032888, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.032967, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.033071, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.033173, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.033254, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.033357, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.033436, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.033731, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.033816, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.033960, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.034044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.034130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.034211, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.034298, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.034611, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.034731, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.034815, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.034900, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.034981, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.035071, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.035151, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.035256, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.035359, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.035633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.035721, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.035803, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.035892, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.035971, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.036121, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.036228, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.036314, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.036440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.036529, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.036612, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.036696, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.036779, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.036864, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 F8 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.037016, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f8-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.037798, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f8-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.038595, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F8 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.038749, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.038852, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.038936, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:04.039021, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.039149, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:04.039235, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:04.039320, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:04.039404, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:04.039489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:04.039574, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:04.039659, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:04.039744, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:04.039829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:04.039915, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:04.040001, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:04.040086, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:04.040709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:04.040824, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:04.041356, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f8-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.042174, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F8 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.042324, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.042407, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.042496, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:04.053005, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f8-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.053324, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F8 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.053477, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F8 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.053624, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.053713, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.053796, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.054136, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f7-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.054417, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F7 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.054568, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F7 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.054732, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.054814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.054920, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.055253, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.055346, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:25:04.055427, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.055507, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.055588, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.055667, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.055747, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.055827, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.056927, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:25:04.057355, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:25:04.057543, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.057643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.057726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.057873, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.057978, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.058506, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.058592, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.058680, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.058762, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.058843, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.058923, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.059179, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.059264, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.059351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.059431, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.059515, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.059594, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.059726, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.059829, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.059917, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 F9 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.060069, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f9-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.060667, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f9-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.061807, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F9 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.061968, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.062052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.062137, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.062216, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.062301, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.062380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.062496, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.062598, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.062681, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.062765, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.062844, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.062928, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.063006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.063126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.063226, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.063308, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.063393, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.063473, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.063557, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.063635, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.063737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.063838, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.063919, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.064005, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.064084, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.064169, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.064248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.064371, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.064492, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.064577, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.064658, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.064747, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.064839, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.064950, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.065033, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.065118, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.065199, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.065314, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.065395, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.065504, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.065608, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.065690, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.065776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.065857, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.065945, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.066024, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.066150, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.066253, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.066339, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.066423, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.066507, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.066605, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.066688, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.066771, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.066857, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 FA 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.067009, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fa-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.067350, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:25:04.067449, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fa-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.067729, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FA 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.067879, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FA 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.068026, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.068108, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.068190, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.068565, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f9-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.068860, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F9 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.069014, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 F9 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.069166, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.069248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.069359, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.069692, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.069784, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f6-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.070111, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.070213, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.070299, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.070806, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:25:04.070889, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.070975, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.071058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.071168, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 F6 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:25:04.073038, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:25:04.073143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.073225, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.073328, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.073413, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.073501, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/277/127 [2013/11/07 14:25:04.085053, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.085274, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 277 (position 277) from bitmap [2013/11/07 14:25:04.085379, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 277 [2013/11/07 14:25:04.085498, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.085601, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:25:04.085704, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.085810, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.085901, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 77E530F9 [2013/11/07 14:25:04.086001, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb812e2c8 [2013/11/07 14:25:04.086135, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:25:04.086182, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '77E530F9' stored [2013/11/07 14:25:04.086552, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x77e530f9 (2011508985) open_persistent_id : 0x0000000077e530f9 (2011508985) open_volatile_id : 0x000000007eb2ab20 (2125638432) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:25:04.087619, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 77E530F9 [2013/11/07 14:25:04.087708, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.087790, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.087874, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:25:04.087919, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x77e530f9) stored [2013/11/07 14:25:04.088000, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x7eb2ab20 (2125638432) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x77e530f9 (2011508985) open_persistent_id : 0x0000000077e530f9 (2011508985) open_volatile_id : 0x000000007eb2ab20 (2125638432) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:25:04 2013 CET compat : NULL [2013/11/07 14:25:04.090688, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 2125638432 (7 used) [2013/11/07 14:25:04.090785, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:25:04.090905, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:25:04.090999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 27 for pipe \spoolss [2013/11/07 14:25:04.091161, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:25:04.091279, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:25:04.091393, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 2125638432 [2013/11/07 14:25:04.091518, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:25:04.091615, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/278/127 [2013/11/07 14:25:04.092808, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.092924, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 278 (position 278) from bitmap [2013/11/07 14:25:04.093010, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 278 [2013/11/07 14:25:04.093115, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.093227, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 278, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.093371, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 2125638432 [2013/11/07 14:25:04.093464, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:25:04.093547, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:25:04.093628, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:25:04.093709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.093792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.093871, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.093950, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:25:04.094034, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.094112, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.094306, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:25:04.094392, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.094486, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.096633, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:25:04.096718, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.096802, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:25:04.096882, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:25:04.096967, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.097051, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 28 for pipe \spoolss [2013/11/07 14:25:04.097552, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.098789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.099291, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:25:04.099379, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/279/127 [2013/11/07 14:25:04.100443, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.100568, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 279 (position 279) from bitmap [2013/11/07 14:25:04.100653, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 279 [2013/11/07 14:25:04.100754, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.100842, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 279, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.100924, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 2125638432 [2013/11/07 14:25:04.101014, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.101099, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:25:04.101184, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.101746, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:25:04.101852, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:25:04.101938, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/280/127 [2013/11/07 14:25:04.103352, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.103464, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 280 (position 280) from bitmap [2013/11/07 14:25:04.103548, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 280 [2013/11/07 14:25:04.103647, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.103734, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 280, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.103815, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2125638432 [2013/11/07 14:25:04.103902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:25:04.103982, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:25:04.104064, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:25:04.104143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:25:04.104224, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.104306, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.104384, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.104501, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:25:04.104585, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.104664, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.104743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:25:04.104845, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.104938, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:25:04.106568, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.106649, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.106734, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.106828, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.106912, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.107394, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.107743, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.107844, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:25:04.107930, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:25:04.108029, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:25:04.109295, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:25:04.109387, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[7] [0000] 00 00 00 00 FB 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.109540, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:25:04.109658, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:25:04.109820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:25:04.109937, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 7 printer handles active [2013/11/07 14:25:04.110018, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FB 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.110182, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FB 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.110329, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:04.110437, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:25:04.110657, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:25:04.110819, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.110915, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.110998, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.111132, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.111242, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.111850, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.111936, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.112025, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.112107, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.112187, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.112266, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.112554, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.112643, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.112730, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.112828, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.112913, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.112992, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.113125, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.113230, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.113354, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 FC 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.113512, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fc-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.113885, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fc-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.114895, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FC 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.115051, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.115133, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.115232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.115311, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.115395, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.115474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.115586, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.115687, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.115769, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.115852, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.115931, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.116016, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.116094, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.116201, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.116300, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.116382, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.116512, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.116592, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.116676, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.116755, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.116857, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.117003, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.117099, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.117186, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.117265, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.117373, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.117452, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.117579, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.117663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.117748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.117829, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.117917, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.117996, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.118105, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.118188, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.118821, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.118915, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.119008, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.119088, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.119206, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.119312, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.119411, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.119498, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.119579, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.119666, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.119745, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.119873, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.119976, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.120061, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.120145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.120229, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.120311, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.120439, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.120527, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.120613, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 FD 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.120765, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fd-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.121145, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fd-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.121968, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FD 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.122119, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.122201, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.122284, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:04.122368, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.122489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:04.122575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:04.122659, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:04.122743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:04.122827, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:04.122911, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:04.122995, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:04.123080, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:04.123165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:04.123265, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:04.123349, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:04.123434, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:04.123519, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:04.123607, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:04.124062, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fd-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.124916, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FD 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.125064, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.125146, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.125235, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:04.136982, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fd-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.137321, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FD 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.137476, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FD 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.137622, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.137712, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.137794, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.138149, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fc-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.138430, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FC 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.138581, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FC 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.138729, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.138812, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.138918, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.139251, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.139343, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:25:04.139425, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.139505, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.139584, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.139663, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.139742, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.139822, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.139905, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:25:04.139989, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:25:04.140180, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.140278, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.140361, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.141111, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.141227, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.141813, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.141901, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.141991, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.142072, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.142153, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.142234, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.142502, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.142595, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.142682, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.142764, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.142848, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.142927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.143058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.143161, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.143269, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 FE 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.143422, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fe-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.143788, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fe-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.144845, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FE 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.145000, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.145083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.145169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.145248, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.145363, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.145442, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.145555, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.145671, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.145753, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.145837, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.145916, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.146000, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.146078, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.146183, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.146283, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.146365, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.146448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.146527, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.146611, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.146690, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.146792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.146893, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.146974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.147058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.147139, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.147226, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.147305, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.147442, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.147524, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.147608, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.147689, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.147777, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.147857, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.147965, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.148047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.148132, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.148212, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.148300, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.148378, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.148517, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.148621, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.148703, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.148789, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.148870, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.148957, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.149036, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.149178, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.149325, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.149413, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.149496, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.149580, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.150269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.150358, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.150443, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.150530, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 FF 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.150683, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ff-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.151032, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:25:04.151134, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001ff-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.151417, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FF 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.151568, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FF 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.151733, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.151817, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.151900, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.152237, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fe-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.152570, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FE 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.152722, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 FE 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.152874, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.152956, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.153056, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.153422, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.153517, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fb-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.153846, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.153948, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.154034, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.154559, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:25:04.154643, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.154728, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.154812, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.154908, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 FB 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:25:04.155845, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:25:04.155938, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.156019, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.156106, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.156190, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.156278, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/281/127 [2013/11/07 14:25:04.161564, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.161992, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 281 (position 281) from bitmap [2013/11/07 14:25:04.162084, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 281 [2013/11/07 14:25:04.162198, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.162299, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:25:04.162399, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.162480, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.162569, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key C405B9A3 [2013/11/07 14:25:04.162666, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb82bbae0 [2013/11/07 14:25:04.162798, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:25:04.162844, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key 'C405B9A3' stored [2013/11/07 14:25:04.162927, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xc405b9a3 (3288709539) open_persistent_id : 0x00000000c405b9a3 (3288709539) open_volatile_id : 0x0000000061a6f470 (1638331504) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:25:04.163939, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key C405B9A3 [2013/11/07 14:25:04.164024, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.164104, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.164202, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:25:04.164247, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0xc405b9a3) stored [2013/11/07 14:25:04.164327, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x61a6f470 (1638331504) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xc405b9a3 (3288709539) open_persistent_id : 0x00000000c405b9a3 (3288709539) open_volatile_id : 0x0000000061a6f470 (1638331504) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:25:04 2013 CET compat : NULL [2013/11/07 14:25:04.167116, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 1638331504 (8 used) [2013/11/07 14:25:04.167212, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:25:04.167331, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:25:04.167423, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 29 for pipe \spoolss [2013/11/07 14:25:04.167584, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:25:04.167669, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:25:04.167774, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 1638331504 [2013/11/07 14:25:04.167890, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:25:04.167997, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/282/127 [2013/11/07 14:25:04.169033, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.169146, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 282 (position 282) from bitmap [2013/11/07 14:25:04.169230, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 282 [2013/11/07 14:25:04.169361, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.169453, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 282, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.169536, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 1638331504 [2013/11/07 14:25:04.169624, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:25:04.169706, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:25:04.169786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:25:04.169867, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.169949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.170027, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.170106, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:25:04.170189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.170268, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.170347, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:25:04.170429, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.170524, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.172624, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:25:04.172709, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.172793, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:25:04.172874, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:25:04.172959, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.173043, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 30 for pipe \spoolss [2013/11/07 14:25:04.173163, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.174395, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.174888, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:25:04.174977, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/283/127 [2013/11/07 14:25:04.175951, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.176075, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 283 (position 283) from bitmap [2013/11/07 14:25:04.176159, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 283 [2013/11/07 14:25:04.176257, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.176345, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 283, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.176467, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 1638331504 [2013/11/07 14:25:04.176576, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.176662, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:25:04.176747, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.177227, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:25:04.177341, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:25:04.177426, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/284/127 [2013/11/07 14:25:04.178244, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.178353, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 284 (position 284) from bitmap [2013/11/07 14:25:04.178436, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 284 [2013/11/07 14:25:04.178534, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.178621, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 284, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.178703, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1638331504 [2013/11/07 14:25:04.178790, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:25:04.178870, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:25:04.178950, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:25:04.179030, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:25:04.179110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.179208, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.179288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.179367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:25:04.179449, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.179528, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.179607, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:25:04.179689, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.179778, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:25:04.181687, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.181771, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.181856, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.181965, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.182050, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.182531, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.182879, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.182965, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:25:04.183051, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:25:04.183150, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:25:04.184340, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:25:04.184598, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[8] [0000] 00 00 00 00 00 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.184767, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:25:04.184886, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:25:04.185048, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:25:04.185164, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 8 printer handles active [2013/11/07 14:25:04.185246, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 00 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.185441, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 00 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.185589, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:04.185699, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:25:04.185918, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:25:04.186081, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.186177, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.186259, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.186393, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.186504, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.187008, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.187094, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.187197, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.187280, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.187360, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.187440, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.187689, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.187774, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.187861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.187941, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.188026, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.188105, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.188237, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.188342, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.188481, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 01 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.188634, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000201-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.188999, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000201-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.190059, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.190212, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.190294, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.190378, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.190457, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.190543, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.190623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.190737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.190840, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.190923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.191007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.191086, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.191170, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.191248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.191355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.191456, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.191537, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.191623, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.191717, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.191801, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.191880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.191981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.192081, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.192163, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.192247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.192327, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.192449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.192530, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.192653, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.192735, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.192820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.192901, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.192989, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.193068, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.193175, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.193258, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.193373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.193468, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.193557, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.193637, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.193743, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.193848, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.193929, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.194017, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.194098, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.194185, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.194263, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.194390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.194493, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.194579, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.194663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.194747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.194829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.194912, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.194995, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.195079, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 02 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.195243, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000202-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.195599, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000202-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.196367, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.196718, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.196801, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.196885, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:04.196969, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.197093, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:04.197179, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:04.197263, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:04.197393, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:04.197495, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:04.197580, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:04.197665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:04.197750, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:04.197835, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:04.197920, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:04.198005, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:04.198091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:04.198176, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:04.198265, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:04.198735, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000202-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.199549, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.199712, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.199794, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.199883, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:04.210266, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000202-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.210550, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.210716, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 02 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.210866, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.210955, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.211038, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.211375, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000201-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.211756, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.211909, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 01 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.212805, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.212898, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.213003, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.213370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.213464, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:25:04.213547, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.213627, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.213724, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.213805, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.213885, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.213965, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.214049, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:25:04.214133, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:25:04.214309, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.214407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.214489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.214631, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.214735, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.215242, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.215328, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.215418, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.215500, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.215581, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.215662, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.215916, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.216000, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.216108, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.216189, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.216272, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.216352, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.216940, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.217060, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.217148, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 03 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.217339, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000203-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.217698, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000203-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.218702, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.218854, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.218954, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.219039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.219118, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.219203, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.219282, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.219393, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.219493, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.219575, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.219661, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.219740, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.219824, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.219902, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.220008, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.220107, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.220189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.220273, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.220352, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.220480, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.220560, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.220662, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.220775, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.220858, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.220942, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.221022, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.221108, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.221187, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.221357, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.221441, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.221525, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.221605, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.221692, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.221772, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.221882, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.221964, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.222049, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.222129, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.222217, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.222295, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.222399, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.222515, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.222597, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.222682, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.222762, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.222849, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.222927, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.223052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.223155, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.223240, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.223324, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.223407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.223490, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.223572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.223655, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.223740, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 04 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.223890, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000204-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.224229, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:25:04.224341, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000204-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.224660, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.224813, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 04 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.224962, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.225044, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.225126, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.225489, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000203-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.225768, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.225916, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 03 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.226062, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.226144, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.226242, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.226572, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.226730, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000200-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.227056, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.227160, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.227245, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.227752, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:25:04.227835, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.228079, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.228165, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.228263, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:25:04.229256, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:25:04.229371, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.229470, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.229558, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.229641, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.229729, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/285/127 [2013/11/07 14:25:04.233326, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.233483, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 285 (position 285) from bitmap [2013/11/07 14:25:04.233571, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 285 [2013/11/07 14:25:04.233909, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.234009, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:25:04.234108, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.234190, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.234278, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key E05A5C03 [2013/11/07 14:25:04.234374, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb807cc58 [2013/11/07 14:25:04.234501, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:25:04.234547, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key 'E05A5C03' stored [2013/11/07 14:25:04.234630, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xe05a5c03 (3764018179) open_persistent_id : 0x00000000e05a5c03 (3764018179) open_volatile_id : 0x000000009fa0548c (2678084748) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:25:04.235755, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key E05A5C03 [2013/11/07 14:25:04.235842, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.235923, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.236006, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:25:04.236051, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0xe05a5c03) stored [2013/11/07 14:25:04.236131, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x9fa0548c (2678084748) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0xe05a5c03 (3764018179) open_persistent_id : 0x00000000e05a5c03 (3764018179) open_volatile_id : 0x000000009fa0548c (2678084748) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:25:04 2013 CET compat : NULL [2013/11/07 14:25:04.237522, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 2678084748 (9 used) [2013/11/07 14:25:04.237617, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:25:04.237749, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:25:04.237842, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 31 for pipe \spoolss [2013/11/07 14:25:04.237997, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:25:04.238082, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:25:04.238184, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 2678084748 [2013/11/07 14:25:04.238297, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:25:04.238386, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/286/127 [2013/11/07 14:25:04.240159, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.240294, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 286 (position 286) from bitmap [2013/11/07 14:25:04.240380, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 286 [2013/11/07 14:25:04.240538, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.240631, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 286, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.240713, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 2678084748 [2013/11/07 14:25:04.240802, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:25:04.240925, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:25:04.241006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:25:04.241087, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.241169, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.241248, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.241360, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:25:04.241464, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.241543, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.241622, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:25:04.241705, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.241801, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.244499, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:25:04.244591, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.244675, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:25:04.244755, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:25:04.244841, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.244924, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 32 for pipe \spoolss [2013/11/07 14:25:04.245031, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.246260, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.246759, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:25:04.246849, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/287/127 [2013/11/07 14:25:04.247947, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.248075, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 287 (position 287) from bitmap [2013/11/07 14:25:04.248159, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 287 [2013/11/07 14:25:04.248273, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.248363, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 287, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.248485, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 2678084748 [2013/11/07 14:25:04.248584, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.248670, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:25:04.248755, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.249236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:25:04.249348, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:25:04.249434, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/288/127 [2013/11/07 14:25:04.250359, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.250468, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 288 (position 288) from bitmap [2013/11/07 14:25:04.250552, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 288 [2013/11/07 14:25:04.250648, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.250735, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 288, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.250817, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2678084748 [2013/11/07 14:25:04.250925, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:25:04.251006, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:25:04.251087, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:25:04.251167, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:25:04.251247, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.251328, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.251407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.251486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:25:04.251568, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.251647, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.251725, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:25:04.251808, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.251898, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:25:04.253593, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.253675, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.253760, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.253853, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.253936, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.254418, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.254762, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.254847, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:25:04.254933, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:25:04.255032, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:25:04.256238, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:25:04.256359, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[9] [0000] 00 00 00 00 05 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.256572, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:25:04.256690, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:25:04.256851, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:25:04.256968, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 9 printer handles active [2013/11/07 14:25:04.257050, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.257201, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 05 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.257392, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:04.257503, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:25:04.257721, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:25:04.257883, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.257979, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.258062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.258194, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.258320, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.258826, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.258911, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.258999, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.260151, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.260237, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.260317, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.260619, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.260704, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.260790, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.260871, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.260956, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.261036, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.261166, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.261270, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.261579, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 06 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.261790, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000206-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.262184, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000206-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.263197, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.263349, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.263431, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.263515, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.263596, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.263680, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.263759, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.263875, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.263977, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.264059, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.264142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.264221, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.264319, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.264436, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.264547, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.264648, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.264730, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.264813, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.264892, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.264976, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.265054, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.265157, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.265259, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.265364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.265448, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.265527, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.265613, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.265691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.265816, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.265898, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.265985, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.266066, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.266167, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.266246, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.266355, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.266436, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.266521, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.266602, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.266690, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.266769, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.266873, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.266976, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.267058, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.267143, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.267223, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.267309, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.267388, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.267513, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.267615, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.267699, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.267796, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.267880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.267962, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.268045, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.268127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.268211, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 07 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.268361, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000207-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.268754, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000207-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.269566, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.269716, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.269797, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.269880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:04.269977, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.270102, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:04.270188, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:04.270271, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:04.270355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:04.270439, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:04.270523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:04.270607, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:04.270691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:04.270776, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:04.270861, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:04.270945, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:04.271031, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:04.271115, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:04.271202, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:04.271655, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000207-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.272514, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.272663, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.272744, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.272832, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:04.283443, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000207-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.283735, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.283886, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 07 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.284033, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.284122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.284206, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.284574, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000206-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.284855, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.285003, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 06 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.285149, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.285232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.285352, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.285700, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.285792, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:25:04.285873, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.285953, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.286032, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.286112, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.286191, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.286271, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.286354, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:25:04.286437, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:25:04.286605, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.286703, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.286786, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.286926, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.287028, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.287540, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.287626, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.287731, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.287814, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.287894, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.287975, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.288217, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.288302, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.288931, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.289043, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.289130, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.289210, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.289415, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.289517, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.289643, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 08 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.289798, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000208-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.292819, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000208-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.293989, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.294153, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.294236, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.294321, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.294402, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.294488, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.294598, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.294728, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.294833, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.294915, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.294999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.295078, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.295162, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.295242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.295688, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.295790, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.295902, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.296007, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.296086, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.296170, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.296249, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.296355, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.296500, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.296615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.296702, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.296781, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.296867, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.296946, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.297075, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.297158, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.297242, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.297342, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.297429, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.297508, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.297653, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.297736, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.297821, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.297916, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.298005, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.298084, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.298188, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.298291, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.298373, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.298459, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.298539, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.298659, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.298738, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.298868, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.298971, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.299057, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.299141, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.299225, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.299307, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.299390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.299473, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.299603, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 09 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.299756, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000209-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.300099, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:25:04.300200, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000209-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.300543, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.300702, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 09 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.300851, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.300933, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.301015, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.301378, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000208-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.301656, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.301804, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 08 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.301965, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.302047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.302147, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.302479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.302576, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000205-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.302904, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.303010, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.303096, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.303603, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:25:04.303686, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.303770, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.303854, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.303950, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 05 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:25:04.304926, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:25:04.305019, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.305100, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.305188, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.305271, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.305397, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/289/127 [2013/11/07 14:25:04.315500, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.315684, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 289 (position 289) from bitmap [2013/11/07 14:25:04.315774, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 289 [2013/11/07 14:25:04.315887, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.315988, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:451(smbd_smb2_create_send) smbd_smb2_create: name[spoolss] [2013/11/07 14:25:04.316089, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.316171, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.316260, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 4FA9A405 [2013/11/07 14:25:04.316358, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7cf7d70 [2013/11/07 14:25:04.316530, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:695(smbXsrv_open_global_store) [2013/11/07 14:25:04.316577, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:697(smbXsrv_open_global_store) smbXsrv_open_global_store: key '4FA9A405' stored [2013/11/07 14:25:04.316682, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &global_blob: struct smbXsrv_open_globalB version : SMBXSRV_VERSION_0 (0) seqnum : 0x00000001 (1) info : union smbXsrv_open_globalU(case 0) info0 : * info0: struct smbXsrv_open_global0 db_rec : * server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x4fa9a405 (1336517637) open_persistent_id : 0x000000004fa9a405 (1336517637) open_volatile_id : 0x000000006fa44e90 (1873038992) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 [2013/11/07 14:25:04.317998, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 4FA9A405 [2013/11/07 14:25:04.318086, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.318168, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.318251, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:862(smbXsrv_open_create) [2013/11/07 14:25:04.318296, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smbXsrv_open.c:870(smbXsrv_open_create) smbXsrv_open_create: global_id (0x4fa9a405) stored [2013/11/07 14:25:04.318376, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &open_blob: struct smbXsrv_openB version : SMBXSRV_VERSION_0 (0) reserved : 0x00000000 (0) info : union smbXsrv_openU(case 0) info0 : * info0: struct smbXsrv_open table : * db_rec : NULL local_id : 0x6fa44e90 (1873038992) global : * global: struct smbXsrv_open_global0 db_rec : NULL server_id: struct server_id pid : 0x0000000000002c7f (11391) task_id : 0x00000000 (0) vnn : 0xffffffff (4294967295) unique_id : 0xf0a57ba60aba1420 (-1106342180374834144) open_global_id : 0x4fa9a405 (1336517637) open_persistent_id : 0x000000004fa9a405 (1336517637) open_volatile_id : 0x000000006fa44e90 (1873038992) open_owner : S-1-5-21-1094127309-486540266-3527182606-1118 open_time : Do Nov 7 14:25:04 2013 CET create_guid : 00000000-0000-0000-0000-000000000000 client_guid : 4a76dfb5-4795-11e3-be7a-5254003f141e app_instance_id : 00000000-0000-0000-0000-000000000000 disconnect_time : NTTIME(0) durable_timeout_msec : 0x00000000 (0) durable : 0x00 (0) backend_cookie : DATA_BLOB length=0 status : NT_STATUS_OK idle_time : Do Nov 7 14:25:04 2013 CET compat : NULL [2013/11/07 14:25:04.319711, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:125(file_new) allocated file structure fnum 1873038992 (10 used) [2013/11/07 14:25:04.319804, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:713(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2013/11/07 14:25:04.319921, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2013/11/07 14:25:04.320013, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 33 for pipe \spoolss [2013/11/07 14:25:04.320169, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \spoolss [2013/11/07 14:25:04.320255, 8, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/dosmode.c:631(dos_mode) dos_mode: spoolss [2013/11/07 14:25:04.320357, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_create.c:1053(smbd_smb2_create_send) smbd_smb2_create_send: spoolss - fnum 1873038992 [2013/11/07 14:25:04.320535, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[88] dyn[yes:0] at ../source3/smbd/smb2_create.c:369 [2013/11/07 14:25:04.320624, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/290/127 [2013/11/07 14:25:04.321834, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.321948, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 290 (position 290) from bitmap [2013/11/07 14:25:04.322032, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_WRITE] mid = 290 [2013/11/07 14:25:04.322135, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.322270, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 290, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.322356, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_write.c:271(smbd_smb2_write_send) smbd_smb2_write: spoolss - fnum 1873038992 [2013/11/07 14:25:04.322448, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2013/11/07 14:25:04.322548, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 160 [2013/11/07 14:25:04.322629, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2013/11/07 14:25:04.322710, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.322792, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.322870, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.322949, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2013/11/07 14:25:04.323032, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.323111, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 144 [2013/11/07 14:25:04.323190, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2013/11/07 14:25:04.323305, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.323399, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.325522, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 11 [2013/11/07 14:25:04.325608, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:693(api_pipe_bind_req) api_pipe_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.325691, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:724(api_pipe_bind_req) api_pipe_bind_req: make response. 724 [2013/11/07 14:25:04.325771, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:342(check_bind_req) check_bind_req for \spoolss [2013/11/07 14:25:04.325856, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:349(check_bind_req) check_bind_req: spoolss -> spoolss rpc service [2013/11/07 14:25:04.325939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 34 for pipe \spoolss [2013/11/07 14:25:04.326045, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2013/11/07 14:25:04.327244, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 144 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 160 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.327732, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:0] at ../source3/smbd/smb2_write.c:150 [2013/11/07 14:25:04.327819, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/291/127 [2013/11/07 14:25:04.328660, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.328780, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 291 (position 291) from bitmap [2013/11/07 14:25:04.328864, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 291 [2013/11/07 14:25:04.328960, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.329048, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 291, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.329129, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 1873038992 [2013/11/07 14:25:04.329218, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.329346, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2013/11/07 14:25:04.329431, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.329911, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2013/11/07 14:25:04.329995, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:68] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:25:04.330080, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/292/127 [2013/11/07 14:25:04.330987, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.331096, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 292 (position 292) from bitmap [2013/11/07 14:25:04.331179, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 292 [2013/11/07 14:25:04.331317, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.331404, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 292, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.331485, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1873038992 [2013/11/07 14:25:04.331572, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 192 [2013/11/07 14:25:04.331652, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2013/11/07 14:25:04.331733, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 192 [2013/11/07 14:25:04.331813, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2013/11/07 14:25:04.331893, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.331974, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.332052, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.332131, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2013/11/07 14:25:04.332213, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.332302, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 176 [2013/11/07 14:25:04.332381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2013/11/07 14:25:04.332496, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.332584, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 13 00 00 00 00 00 00 00 13 00 00 00 ........ ........ [0010] 5C 00 5C 00 53 00 4C 00 41 00 56 00 45 00 52 00 \.\.S.L. A.V.E.R. [0020] 5C 00 73 00 70 00 72 00 69 00 6E 00 74 00 65 00 \.s.p.r. i.n.t.e. [0030] 72 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 r.1..... ........ [0040] 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ........ [0050] 04 00 02 00 28 00 00 00 08 00 02 00 0C 00 02 00 ....(... ........ [0060] 80 25 00 00 03 00 00 00 00 00 00 00 09 00 00 00 .%...... ........ [0070] 05 00 00 00 00 00 00 00 05 00 00 00 57 00 49 00 ........ ....W.I. [0080] 4E 00 38 00 00 00 00 00 0A 00 00 00 00 00 00 00 N.8..... ........ [0090] 0A 00 00 00 46 00 46 00 46 00 5C 00 74 00 65 00 ....F.F. F.\.t.e. [00A0] 73 00 74 00 38 00 00 00 s.t.8... [2013/11/07 14:25:04.334286, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.334367, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.334452, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.334543, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.334627, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.335110, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.335454, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.335611, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2013/11/07 14:25:04.335698, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[69].fn == 0xb7662e70 [2013/11/07 14:25:04.335797, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\SLAVER\sprinter1' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ userlevel_ctr: struct spoolss_UserLevelCtr level : 0x00000001 (1) user_info : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'WIN8' user : * user : 'FFF\test8' build : 0x00002580 (9600) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\SLAVER\sprinter1 [2013/11/07 14:25:04.337631, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:737(open_printer_hnd) open_printer_hnd: name [\\SLAVER\sprinter1] [2013/11/07 14:25:04.337744, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[10] [0000] 00 00 00 00 0A 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.337901, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:506(set_printer_hnd_printertype) Setting printer type=\\SLAVER\sprinter1 Printer is a printer [2013/11/07 14:25:04.338020, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:566(set_printer_hnd_name) Setting printer name=\\SLAVER\sprinter1 (len=18) searching for [sprinter1] [2013/11/07 14:25:04.338185, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=tdb] ../source3/lib/gencache.c:275(gencache_set_data_blob) Did not store value for PRINTERNAME/sprinter1, we already got it set_printer_hnd_name: Printer found: sprinter1 -> sprinter1 [2013/11/07 14:25:04.338302, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:773(open_printer_hnd) 10 printer handles active [2013/11/07 14:25:04.338383, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.338535, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.338685, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:489(get_printer_snum) short name:sprinter1 [2013/11/07 14:25:04.338791, 3, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.200.7.61 (10.200.7.61) [2013/11/07 14:25:04.339028, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/share_access.c:237(user_ok_token) user_ok_token: share sprinter1 is ok for unix user test8 [2013/11/07 14:25:04.339190, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.339287, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.339370, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.339499, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.339608, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.340113, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.340199, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.340287, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.340368, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.340499, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.340579, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.340824, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.340909, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.340997, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.341077, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.341162, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.341241, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.341428, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.341535, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.341622, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0B 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.341777, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020b-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.342142, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020b-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.343143, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.343298, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.343380, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.343467, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.343546, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.343630, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.343709, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.343835, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.343936, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.344018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.344102, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.344181, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.344265, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.344344, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.344496, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.344597, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.344680, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.344764, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.344843, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.344927, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.345006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.345110, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.345211, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.345308, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.345393, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.345473, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.345573, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.345653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.345776, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.345859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.345945, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.346025, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.346114, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.346193, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.346299, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.346381, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.346466, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.346547, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.346637, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.346716, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.346820, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.346923, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.347006, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.347091, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.347172, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.347272, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.347351, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.347476, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.347579, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.347665, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.347748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.347832, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.347915, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.347998, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.348081, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.348165, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0C 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.348314, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020c-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.348706, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020c-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.349516, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.349670, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.349751, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.349834, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_dispatcher.c:151(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' (ops 0xb6d86bc0) [2013/11/07 14:25:04.349918, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1891(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.350038, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2013/11/07 14:25:04.350123, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[1]: name[Description] len[2] [2013/11/07 14:25:04.350206, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[2]: name[Datatype] len[8] [2013/11/07 14:25:04.350290, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[3]: name[Default Priority] len[4] [2013/11/07 14:25:04.350374, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[4]: name[Port] len[38] [2013/11/07 14:25:04.350458, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[5]: name[Name] len[20] [2013/11/07 14:25:04.350542, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[6]: name[Print Processor] len[18] [2013/11/07 14:25:04.350626, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[7]: name[Priority] len[4] [2013/11/07 14:25:04.350711, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[8]: name[Security] len[248] [2013/11/07 14:25:04.350795, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[9]: name[Share Name] len[20] [2013/11/07 14:25:04.350880, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[10]: name[StartTime] len[4] [2013/11/07 14:25:04.350964, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[11]: name[UntilTime] len[4] [2013/11/07 14:25:04.351062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:1836(regdb_unpack_values) regdb_unpack_values: value[12]: name[ChangeID] len[4] [2013/11/07 14:25:04.351151, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2013/11/07 14:25:04.351602, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020c-0000-0000-7b52-b0947f2c0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2013/11/07 14:25:04.352444, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.352597, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.353091, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/winreg/srv_winreg_nt.c:264(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2013/11/07 14:25:04.353187, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0xcd (205) [101] : 0x0e (14) [102] : 0x37 (55) [103] : 0x41 (65) [104] : 0xea (234) [105] : 0x03 (3) [106] : 0x00 (0) [107] : 0x1d (29) [108] : 0x0e (14) [109] : 0x89 (137) [110] : 0x3c (60) [111] : 0xd2 (210) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0xcd (205) [137] : 0x0e (14) [138] : 0x37 (55) [139] : 0x41 (65) [140] : 0xea (234) [141] : 0x03 (3) [142] : 0x00 (0) [143] : 0x1d (29) [144] : 0x0e (14) [145] : 0x89 (137) [146] : 0x3c (60) [147] : 0xd2 (210) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2013/11/07 14:25:04.363770, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020c-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.364061, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.364217, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0C 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.364369, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.364489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.364575, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.364914, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020b-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.365194, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.365455, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0B 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.365608, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.365691, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.365795, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.366130, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.366222, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x20020008 to 0x00020008 [2013/11/07 14:25:04.366303, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.366383, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.366463, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.366542, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.366622, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.366702, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x100f000c to 0x000f000c [2013/11/07 14:25:04.366786, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/printing/nt_printing.c:1844(print_access_check) access check was SUCCESS [2013/11/07 14:25:04.366870, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/spoolss/srv_spoolss_nt.c:1921(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2013/11/07 14:25:04.367039, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:60(make_internal_rpc_pipe_p) Create pipe requested \winreg [2013/11/07 14:25:04.367138, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:221(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2013/11/07 14:25:04.367221, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:238(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2013/11/07 14:25:04.367356, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:100(make_internal_rpc_pipe_p) Created internal pipe \winreg [2013/11/07 14:25:04.367471, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.367980, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2013/11/07 14:25:04.368064, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.368153, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:485(push_conn_ctx) push_conn_ctx(2620291195) : conn_ctx_stack_ndx = 0 [2013/11/07 14:25:04.368236, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/11/07 14:25:04.369312, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/11/07 14:25:04.369403, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/11/07 14:25:04.369664, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.369748, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:866(regdb_open) regdb_open: registry db opened. refcount reset (1) [2013/11/07 14:25:04.369835, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2013/11/07 14:25:04.369914, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2013/11/07 14:25:04.369998, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.370077, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM] [2013/11/07 14:25:04.370207, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2013/11/07 14:25:04.370353, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.370442, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 0D 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.370598, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020d-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.370978, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020d-0000-0000-7b52-b0947f2c0000 keyname: struct winreg_String name_len : 0x008c (140) name_size : 0x008c (140) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2013/11/07 14:25:04.372018, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.372174, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2013/11/07 14:25:04.372288, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (1->2) [2013/11/07 14:25:04.372374, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2013/11/07 14:25:04.372502, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2013/11/07 14:25:04.372587, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.372666, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE] [2013/11/07 14:25:04.372780, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2013/11/07 14:25:04.372882, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2013/11/07 14:25:04.372965, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (2->3) [2013/11/07 14:25:04.373048, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.373143, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.373259, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.373364, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.373474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2013/11/07 14:25:04.373575, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2013/11/07 14:25:04.373657, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (3->4) [2013/11/07 14:25:04.373741, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.373820, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.373905, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.373983, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.374085, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2013/11/07 14:25:04.374186, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2013/11/07 14:25:04.374299, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (4->5) [2013/11/07 14:25:04.374385, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.374465, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.374550, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.374629, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2013/11/07 14:25:04.374755, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2013/11/07 14:25:04.374838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (5->6) [2013/11/07 14:25:04.374923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.375017, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.375106, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.375185, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb7783e80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2013/11/07 14:25:04.375326, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2013/11/07 14:25:04.375408, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (6->7) [2013/11/07 14:25:04.375493, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.375574, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.375663, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.375742, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.375846, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2013/11/07 14:25:04.375948, 7, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_api.c:143(regkey_open_onelevel) regkey_open_onelevel: name = [sprinter1] [2013/11/07 14:25:04.376030, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:846(regdb_open) regdb_open: incrementing refcount (7->8) [2013/11/07 14:25:04.376115, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:125(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.376212, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.376330, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2013/11/07 14:25:04.376450, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_cachehook.c:130(reghook_cache_find) reghook_cache_find: found ops 0xb6d86bc0 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.376578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:2074(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1] [2013/11/07 14:25:04.376683, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/access_check.c:188(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2013/11/07 14:25:04.376788, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (8->7) [2013/11/07 14:25:04.376873, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (7->6) [2013/11/07 14:25:04.376957, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (6->5) [2013/11/07 14:25:04.377039, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (5->4) [2013/11/07 14:25:04.377122, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (4->3) [2013/11/07 14:25:04.377204, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (3->2) [2013/11/07 14:25:04.377333, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:302(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 0E 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.377486, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020e-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.377826, 2, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/rpc_client/cli_winreg_spoolss.c:626(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\sprinter1 already exists [2013/11/07 14:25:04.377925, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020e-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.378205, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.378359, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0E 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.378510, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.378592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (2->1) [2013/11/07 14:25:04.378674, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.379022, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020d-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.379302, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.379455, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0D 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.379606, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.379687, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=registry] ../source3/registry/reg_backend_db.c:883(regdb_close) regdb_close: decrementing refcount (1->0) [2013/11/07 14:25:04.379784, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.380118, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:416(close_policy_by_pipe) Deleted handle list for RPC connection \winreg [2013/11/07 14:25:04.380210, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020a-0000-0000-7b52-b0947f2c0000 result : WERR_OK [2013/11/07 14:25:04.381245, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.381379, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.381466, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 176 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 192 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.382035, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 192 [2013/11/07 14:25:04.382118, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.382215, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.382300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.382396, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 0A 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 00 00 00 00 .,...... [2013/11/07 14:25:04.383386, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 61 [2013/11/07 14:25:04.383479, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.383560, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.383692, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.383777, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.383864, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/293/127 [2013/11/07 14:25:04.394910, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.395095, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 293 (position 293) from bitmap [2013/11/07 14:25:04.395186, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 293 [2013/11/07 14:25:04.395302, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.395423, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 293, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.395506, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2678084748 [2013/11/07 14:25:04.395598, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:04.395679, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:04.395761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:04.395842, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:04.395923, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.396004, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.396083, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.396161, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:04.396244, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.396324, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.396437, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:04.396524, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.396620, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 05 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.397672, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.397754, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.397840, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.397934, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.398018, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.398501, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.398843, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.398931, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:04.399017, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:04.399103, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000205-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.399389, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 05 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.399541, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 05 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.399689, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 05 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.399835, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.399933, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.400258, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.400352, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.400489, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.400981, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:04.401065, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.401149, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.401232, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.402222, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:04.403170, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:04.403279, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.403361, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.403468, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.403551, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.403638, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/294/127 [2013/11/07 14:25:04.404835, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.404949, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 294 (position 294) from bitmap [2013/11/07 14:25:04.405032, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 294 [2013/11/07 14:25:04.405131, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.405234, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 294, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.405342, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3864993587 [2013/11/07 14:25:04.405430, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 1084 [2013/11/07 14:25:04.405510, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1084 [2013/11/07 14:25:04.405600, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1084 [2013/11/07 14:25:04.405680, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1084 [2013/11/07 14:25:04.405760, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 1084, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.405842, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.405920, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1068 [2013/11/07 14:25:04.405999, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1068 [2013/11/07 14:25:04.406126, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.406226, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 1068 [2013/11/07 14:25:04.406306, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1068, incoming data = 1068 [2013/11/07 14:25:04.406389, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.406498, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x043c (1084) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000424 (1060) context_id : 0x0000 (0) opnum : 0x0018 (24) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1060 [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 01 00 00 00 00 00 02 00 00 04 00 00 .,...... ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0420] 00 04 00 00 .... [2013/11/07 14:25:04.411980, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.412062, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.412150, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.412237, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.412320, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.412842, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.413182, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.413268, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x18 - api_rpcTNP: rpc command: SPOOLSS_ADDJOB [2013/11/07 14:25:04.413390, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[24].fn == 0xb766afe0 [2013/11/07 14:25:04.413502, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_AddJob: struct spoolss_AddJob in: struct spoolss_AddJob handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c0-0000-0000-7b52-ac947f2c0000 level : 0x00000001 (1) buffer : * buffer: ARRAY(1024) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x00 (0) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x00 (0) [69] : 0x00 (0) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x00 (0) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) [88] : 0x00 (0) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x00 (0) [101] : 0x00 (0) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x00 (0) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x00 (0) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x00 (0) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x00 (0) [221] : 0x00 (0) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x00 (0) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x00 (0) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x00 (0) [315] : 0x00 (0) [316] : 0x00 (0) [317] : 0x00 (0) [318] : 0x00 (0) [319] : 0x00 (0) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x00 (0) [323] : 0x00 (0) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x00 (0) [333] : 0x00 (0) [334] : 0x00 (0) [335] : 0x00 (0) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x00 (0) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x00 (0) [371] : 0x00 (0) [372] : 0x00 (0) [373] : 0x00 (0) [374] : 0x00 (0) [375] : 0x00 (0) [376] : 0x00 (0) [377] : 0x00 (0) [378] : 0x00 (0) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x00 (0) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x00 (0) [409] : 0x00 (0) [410] : 0x00 (0) [411] : 0x00 (0) [412] : 0x00 (0) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x00 (0) [417] : 0x00 (0) [418] : 0x00 (0) [419] : 0x00 (0) [420] : 0x00 (0) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x00 (0) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x00 (0) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x00 (0) [949] : 0x00 (0) [950] : 0x00 (0) [951] : 0x00 (0) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x00 (0) [957] : 0x00 (0) [958] : 0x00 (0) [959] : 0x00 (0) [960] : 0x00 (0) [961] : 0x00 (0) [962] : 0x00 (0) [963] : 0x00 (0) [964] : 0x00 (0) [965] : 0x00 (0) [966] : 0x00 (0) [967] : 0x00 (0) [968] : 0x00 (0) [969] : 0x00 (0) [970] : 0x00 (0) [971] : 0x00 (0) [972] : 0x00 (0) [973] : 0x00 (0) [974] : 0x00 (0) [975] : 0x00 (0) [976] : 0x00 (0) [977] : 0x00 (0) [978] : 0x00 (0) [979] : 0x00 (0) [980] : 0x00 (0) [981] : 0x00 (0) [982] : 0x00 (0) [983] : 0x00 (0) [984] : 0x00 (0) [985] : 0x00 (0) [986] : 0x00 (0) [987] : 0x00 (0) [988] : 0x00 (0) [989] : 0x00 (0) [990] : 0x00 (0) [991] : 0x00 (0) [992] : 0x00 (0) [993] : 0x00 (0) [994] : 0x00 (0) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x00 (0) [999] : 0x00 (0) [1000] : 0x00 (0) [1001] : 0x00 (0) [1002] : 0x00 (0) [1003] : 0x00 (0) [1004] : 0x00 (0) [1005] : 0x00 (0) [1006] : 0x00 (0) [1007] : 0x00 (0) [1008] : 0x00 (0) [1009] : 0x00 (0) [1010] : 0x00 (0) [1011] : 0x00 (0) [1012] : 0x00 (0) [1013] : 0x00 (0) [1014] : 0x00 (0) [1015] : 0x00 (0) [1016] : 0x00 (0) [1017] : 0x00 (0) [1018] : 0x00 (0) [1019] : 0x00 (0) [1020] : 0x00 (0) [1021] : 0x00 (0) [1022] : 0x00 (0) [1023] : 0x00 (0) offered : 0x00000400 (1024) [2013/11/07 14:25:04.456865, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_AddJob: struct spoolss_AddJob out: struct spoolss_AddJob buffer : * buffer: ARRAY(1024) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) [4] : 0x00 (0) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x00 (0) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x00 (0) [21] : 0x00 (0) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x00 (0) [28] : 0x00 (0) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x00 (0) [33] : 0x00 (0) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x00 (0) [44] : 0x00 (0) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x00 (0) [49] : 0x00 (0) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x00 (0) [53] : 0x00 (0) [54] : 0x00 (0) [55] : 0x00 (0) [56] : 0x00 (0) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x00 (0) [62] : 0x00 (0) [63] : 0x00 (0) [64] : 0x00 (0) [65] : 0x00 (0) [66] : 0x00 (0) [67] : 0x00 (0) [68] : 0x00 (0) [69] : 0x00 (0) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x00 (0) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x00 (0) [82] : 0x00 (0) [83] : 0x00 (0) [84] : 0x00 (0) [85] : 0x00 (0) [86] : 0x00 (0) [87] : 0x00 (0) [88] : 0x00 (0) [89] : 0x00 (0) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x00 (0) [96] : 0x00 (0) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x00 (0) [101] : 0x00 (0) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x00 (0) [106] : 0x00 (0) [107] : 0x00 (0) [108] : 0x00 (0) [109] : 0x00 (0) [110] : 0x00 (0) [111] : 0x00 (0) [112] : 0x00 (0) [113] : 0x00 (0) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x00 (0) [120] : 0x00 (0) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x00 (0) [125] : 0x00 (0) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x00 (0) [132] : 0x00 (0) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x00 (0) [137] : 0x00 (0) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x00 (0) [144] : 0x00 (0) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x00 (0) [149] : 0x00 (0) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x00 (0) [154] : 0x00 (0) [155] : 0x00 (0) [156] : 0x00 (0) [157] : 0x00 (0) [158] : 0x00 (0) [159] : 0x00 (0) [160] : 0x00 (0) [161] : 0x00 (0) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x00 (0) [168] : 0x00 (0) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x00 (0) [173] : 0x00 (0) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x00 (0) [178] : 0x00 (0) [179] : 0x00 (0) [180] : 0x00 (0) [181] : 0x00 (0) [182] : 0x00 (0) [183] : 0x00 (0) [184] : 0x00 (0) [185] : 0x00 (0) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x00 (0) [192] : 0x00 (0) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x00 (0) [197] : 0x00 (0) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x00 (0) [202] : 0x00 (0) [203] : 0x00 (0) [204] : 0x00 (0) [205] : 0x00 (0) [206] : 0x00 (0) [207] : 0x00 (0) [208] : 0x00 (0) [209] : 0x00 (0) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x00 (0) [216] : 0x00 (0) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x00 (0) [221] : 0x00 (0) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x00 (0) [226] : 0x00 (0) [227] : 0x00 (0) [228] : 0x00 (0) [229] : 0x00 (0) [230] : 0x00 (0) [231] : 0x00 (0) [232] : 0x00 (0) [233] : 0x00 (0) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x00 (0) [240] : 0x00 (0) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x00 (0) [245] : 0x00 (0) [246] : 0x00 (0) [247] : 0x00 (0) [248] : 0x00 (0) [249] : 0x00 (0) [250] : 0x00 (0) [251] : 0x00 (0) [252] : 0x00 (0) [253] : 0x00 (0) [254] : 0x00 (0) [255] : 0x00 (0) [256] : 0x00 (0) [257] : 0x00 (0) [258] : 0x00 (0) [259] : 0x00 (0) [260] : 0x00 (0) [261] : 0x00 (0) [262] : 0x00 (0) [263] : 0x00 (0) [264] : 0x00 (0) [265] : 0x00 (0) [266] : 0x00 (0) [267] : 0x00 (0) [268] : 0x00 (0) [269] : 0x00 (0) [270] : 0x00 (0) [271] : 0x00 (0) [272] : 0x00 (0) [273] : 0x00 (0) [274] : 0x00 (0) [275] : 0x00 (0) [276] : 0x00 (0) [277] : 0x00 (0) [278] : 0x00 (0) [279] : 0x00 (0) [280] : 0x00 (0) [281] : 0x00 (0) [282] : 0x00 (0) [283] : 0x00 (0) [284] : 0x00 (0) [285] : 0x00 (0) [286] : 0x00 (0) [287] : 0x00 (0) [288] : 0x00 (0) [289] : 0x00 (0) [290] : 0x00 (0) [291] : 0x00 (0) [292] : 0x00 (0) [293] : 0x00 (0) [294] : 0x00 (0) [295] : 0x00 (0) [296] : 0x00 (0) [297] : 0x00 (0) [298] : 0x00 (0) [299] : 0x00 (0) [300] : 0x00 (0) [301] : 0x00 (0) [302] : 0x00 (0) [303] : 0x00 (0) [304] : 0x00 (0) [305] : 0x00 (0) [306] : 0x00 (0) [307] : 0x00 (0) [308] : 0x00 (0) [309] : 0x00 (0) [310] : 0x00 (0) [311] : 0x00 (0) [312] : 0x00 (0) [313] : 0x00 (0) [314] : 0x00 (0) [315] : 0x00 (0) [316] : 0x00 (0) [317] : 0x00 (0) [318] : 0x00 (0) [319] : 0x00 (0) [320] : 0x00 (0) [321] : 0x00 (0) [322] : 0x00 (0) [323] : 0x00 (0) [324] : 0x00 (0) [325] : 0x00 (0) [326] : 0x00 (0) [327] : 0x00 (0) [328] : 0x00 (0) [329] : 0x00 (0) [330] : 0x00 (0) [331] : 0x00 (0) [332] : 0x00 (0) [333] : 0x00 (0) [334] : 0x00 (0) [335] : 0x00 (0) [336] : 0x00 (0) [337] : 0x00 (0) [338] : 0x00 (0) [339] : 0x00 (0) [340] : 0x00 (0) [341] : 0x00 (0) [342] : 0x00 (0) [343] : 0x00 (0) [344] : 0x00 (0) [345] : 0x00 (0) [346] : 0x00 (0) [347] : 0x00 (0) [348] : 0x00 (0) [349] : 0x00 (0) [350] : 0x00 (0) [351] : 0x00 (0) [352] : 0x00 (0) [353] : 0x00 (0) [354] : 0x00 (0) [355] : 0x00 (0) [356] : 0x00 (0) [357] : 0x00 (0) [358] : 0x00 (0) [359] : 0x00 (0) [360] : 0x00 (0) [361] : 0x00 (0) [362] : 0x00 (0) [363] : 0x00 (0) [364] : 0x00 (0) [365] : 0x00 (0) [366] : 0x00 (0) [367] : 0x00 (0) [368] : 0x00 (0) [369] : 0x00 (0) [370] : 0x00 (0) [371] : 0x00 (0) [372] : 0x00 (0) [373] : 0x00 (0) [374] : 0x00 (0) [375] : 0x00 (0) [376] : 0x00 (0) [377] : 0x00 (0) [378] : 0x00 (0) [379] : 0x00 (0) [380] : 0x00 (0) [381] : 0x00 (0) [382] : 0x00 (0) [383] : 0x00 (0) [384] : 0x00 (0) [385] : 0x00 (0) [386] : 0x00 (0) [387] : 0x00 (0) [388] : 0x00 (0) [389] : 0x00 (0) [390] : 0x00 (0) [391] : 0x00 (0) [392] : 0x00 (0) [393] : 0x00 (0) [394] : 0x00 (0) [395] : 0x00 (0) [396] : 0x00 (0) [397] : 0x00 (0) [398] : 0x00 (0) [399] : 0x00 (0) [400] : 0x00 (0) [401] : 0x00 (0) [402] : 0x00 (0) [403] : 0x00 (0) [404] : 0x00 (0) [405] : 0x00 (0) [406] : 0x00 (0) [407] : 0x00 (0) [408] : 0x00 (0) [409] : 0x00 (0) [410] : 0x00 (0) [411] : 0x00 (0) [412] : 0x00 (0) [413] : 0x00 (0) [414] : 0x00 (0) [415] : 0x00 (0) [416] : 0x00 (0) [417] : 0x00 (0) [418] : 0x00 (0) [419] : 0x00 (0) [420] : 0x00 (0) [421] : 0x00 (0) [422] : 0x00 (0) [423] : 0x00 (0) [424] : 0x00 (0) [425] : 0x00 (0) [426] : 0x00 (0) [427] : 0x00 (0) [428] : 0x00 (0) [429] : 0x00 (0) [430] : 0x00 (0) [431] : 0x00 (0) [432] : 0x00 (0) [433] : 0x00 (0) [434] : 0x00 (0) [435] : 0x00 (0) [436] : 0x00 (0) [437] : 0x00 (0) [438] : 0x00 (0) [439] : 0x00 (0) [440] : 0x00 (0) [441] : 0x00 (0) [442] : 0x00 (0) [443] : 0x00 (0) [444] : 0x00 (0) [445] : 0x00 (0) [446] : 0x00 (0) [447] : 0x00 (0) [448] : 0x00 (0) [449] : 0x00 (0) [450] : 0x00 (0) [451] : 0x00 (0) [452] : 0x00 (0) [453] : 0x00 (0) [454] : 0x00 (0) [455] : 0x00 (0) [456] : 0x00 (0) [457] : 0x00 (0) [458] : 0x00 (0) [459] : 0x00 (0) [460] : 0x00 (0) [461] : 0x00 (0) [462] : 0x00 (0) [463] : 0x00 (0) [464] : 0x00 (0) [465] : 0x00 (0) [466] : 0x00 (0) [467] : 0x00 (0) [468] : 0x00 (0) [469] : 0x00 (0) [470] : 0x00 (0) [471] : 0x00 (0) [472] : 0x00 (0) [473] : 0x00 (0) [474] : 0x00 (0) [475] : 0x00 (0) [476] : 0x00 (0) [477] : 0x00 (0) [478] : 0x00 (0) [479] : 0x00 (0) [480] : 0x00 (0) [481] : 0x00 (0) [482] : 0x00 (0) [483] : 0x00 (0) [484] : 0x00 (0) [485] : 0x00 (0) [486] : 0x00 (0) [487] : 0x00 (0) [488] : 0x00 (0) [489] : 0x00 (0) [490] : 0x00 (0) [491] : 0x00 (0) [492] : 0x00 (0) [493] : 0x00 (0) [494] : 0x00 (0) [495] : 0x00 (0) [496] : 0x00 (0) [497] : 0x00 (0) [498] : 0x00 (0) [499] : 0x00 (0) [500] : 0x00 (0) [501] : 0x00 (0) [502] : 0x00 (0) [503] : 0x00 (0) [504] : 0x00 (0) [505] : 0x00 (0) [506] : 0x00 (0) [507] : 0x00 (0) [508] : 0x00 (0) [509] : 0x00 (0) [510] : 0x00 (0) [511] : 0x00 (0) [512] : 0x00 (0) [513] : 0x00 (0) [514] : 0x00 (0) [515] : 0x00 (0) [516] : 0x00 (0) [517] : 0x00 (0) [518] : 0x00 (0) [519] : 0x00 (0) [520] : 0x00 (0) [521] : 0x00 (0) [522] : 0x00 (0) [523] : 0x00 (0) [524] : 0x00 (0) [525] : 0x00 (0) [526] : 0x00 (0) [527] : 0x00 (0) [528] : 0x00 (0) [529] : 0x00 (0) [530] : 0x00 (0) [531] : 0x00 (0) [532] : 0x00 (0) [533] : 0x00 (0) [534] : 0x00 (0) [535] : 0x00 (0) [536] : 0x00 (0) [537] : 0x00 (0) [538] : 0x00 (0) [539] : 0x00 (0) [540] : 0x00 (0) [541] : 0x00 (0) [542] : 0x00 (0) [543] : 0x00 (0) [544] : 0x00 (0) [545] : 0x00 (0) [546] : 0x00 (0) [547] : 0x00 (0) [548] : 0x00 (0) [549] : 0x00 (0) [550] : 0x00 (0) [551] : 0x00 (0) [552] : 0x00 (0) [553] : 0x00 (0) [554] : 0x00 (0) [555] : 0x00 (0) [556] : 0x00 (0) [557] : 0x00 (0) [558] : 0x00 (0) [559] : 0x00 (0) [560] : 0x00 (0) [561] : 0x00 (0) [562] : 0x00 (0) [563] : 0x00 (0) [564] : 0x00 (0) [565] : 0x00 (0) [566] : 0x00 (0) [567] : 0x00 (0) [568] : 0x00 (0) [569] : 0x00 (0) [570] : 0x00 (0) [571] : 0x00 (0) [572] : 0x00 (0) [573] : 0x00 (0) [574] : 0x00 (0) [575] : 0x00 (0) [576] : 0x00 (0) [577] : 0x00 (0) [578] : 0x00 (0) [579] : 0x00 (0) [580] : 0x00 (0) [581] : 0x00 (0) [582] : 0x00 (0) [583] : 0x00 (0) [584] : 0x00 (0) [585] : 0x00 (0) [586] : 0x00 (0) [587] : 0x00 (0) [588] : 0x00 (0) [589] : 0x00 (0) [590] : 0x00 (0) [591] : 0x00 (0) [592] : 0x00 (0) [593] : 0x00 (0) [594] : 0x00 (0) [595] : 0x00 (0) [596] : 0x00 (0) [597] : 0x00 (0) [598] : 0x00 (0) [599] : 0x00 (0) [600] : 0x00 (0) [601] : 0x00 (0) [602] : 0x00 (0) [603] : 0x00 (0) [604] : 0x00 (0) [605] : 0x00 (0) [606] : 0x00 (0) [607] : 0x00 (0) [608] : 0x00 (0) [609] : 0x00 (0) [610] : 0x00 (0) [611] : 0x00 (0) [612] : 0x00 (0) [613] : 0x00 (0) [614] : 0x00 (0) [615] : 0x00 (0) [616] : 0x00 (0) [617] : 0x00 (0) [618] : 0x00 (0) [619] : 0x00 (0) [620] : 0x00 (0) [621] : 0x00 (0) [622] : 0x00 (0) [623] : 0x00 (0) [624] : 0x00 (0) [625] : 0x00 (0) [626] : 0x00 (0) [627] : 0x00 (0) [628] : 0x00 (0) [629] : 0x00 (0) [630] : 0x00 (0) [631] : 0x00 (0) [632] : 0x00 (0) [633] : 0x00 (0) [634] : 0x00 (0) [635] : 0x00 (0) [636] : 0x00 (0) [637] : 0x00 (0) [638] : 0x00 (0) [639] : 0x00 (0) [640] : 0x00 (0) [641] : 0x00 (0) [642] : 0x00 (0) [643] : 0x00 (0) [644] : 0x00 (0) [645] : 0x00 (0) [646] : 0x00 (0) [647] : 0x00 (0) [648] : 0x00 (0) [649] : 0x00 (0) [650] : 0x00 (0) [651] : 0x00 (0) [652] : 0x00 (0) [653] : 0x00 (0) [654] : 0x00 (0) [655] : 0x00 (0) [656] : 0x00 (0) [657] : 0x00 (0) [658] : 0x00 (0) [659] : 0x00 (0) [660] : 0x00 (0) [661] : 0x00 (0) [662] : 0x00 (0) [663] : 0x00 (0) [664] : 0x00 (0) [665] : 0x00 (0) [666] : 0x00 (0) [667] : 0x00 (0) [668] : 0x00 (0) [669] : 0x00 (0) [670] : 0x00 (0) [671] : 0x00 (0) [672] : 0x00 (0) [673] : 0x00 (0) [674] : 0x00 (0) [675] : 0x00 (0) [676] : 0x00 (0) [677] : 0x00 (0) [678] : 0x00 (0) [679] : 0x00 (0) [680] : 0x00 (0) [681] : 0x00 (0) [682] : 0x00 (0) [683] : 0x00 (0) [684] : 0x00 (0) [685] : 0x00 (0) [686] : 0x00 (0) [687] : 0x00 (0) [688] : 0x00 (0) [689] : 0x00 (0) [690] : 0x00 (0) [691] : 0x00 (0) [692] : 0x00 (0) [693] : 0x00 (0) [694] : 0x00 (0) [695] : 0x00 (0) [696] : 0x00 (0) [697] : 0x00 (0) [698] : 0x00 (0) [699] : 0x00 (0) [700] : 0x00 (0) [701] : 0x00 (0) [702] : 0x00 (0) [703] : 0x00 (0) [704] : 0x00 (0) [705] : 0x00 (0) [706] : 0x00 (0) [707] : 0x00 (0) [708] : 0x00 (0) [709] : 0x00 (0) [710] : 0x00 (0) [711] : 0x00 (0) [712] : 0x00 (0) [713] : 0x00 (0) [714] : 0x00 (0) [715] : 0x00 (0) [716] : 0x00 (0) [717] : 0x00 (0) [718] : 0x00 (0) [719] : 0x00 (0) [720] : 0x00 (0) [721] : 0x00 (0) [722] : 0x00 (0) [723] : 0x00 (0) [724] : 0x00 (0) [725] : 0x00 (0) [726] : 0x00 (0) [727] : 0x00 (0) [728] : 0x00 (0) [729] : 0x00 (0) [730] : 0x00 (0) [731] : 0x00 (0) [732] : 0x00 (0) [733] : 0x00 (0) [734] : 0x00 (0) [735] : 0x00 (0) [736] : 0x00 (0) [737] : 0x00 (0) [738] : 0x00 (0) [739] : 0x00 (0) [740] : 0x00 (0) [741] : 0x00 (0) [742] : 0x00 (0) [743] : 0x00 (0) [744] : 0x00 (0) [745] : 0x00 (0) [746] : 0x00 (0) [747] : 0x00 (0) [748] : 0x00 (0) [749] : 0x00 (0) [750] : 0x00 (0) [751] : 0x00 (0) [752] : 0x00 (0) [753] : 0x00 (0) [754] : 0x00 (0) [755] : 0x00 (0) [756] : 0x00 (0) [757] : 0x00 (0) [758] : 0x00 (0) [759] : 0x00 (0) [760] : 0x00 (0) [761] : 0x00 (0) [762] : 0x00 (0) [763] : 0x00 (0) [764] : 0x00 (0) [765] : 0x00 (0) [766] : 0x00 (0) [767] : 0x00 (0) [768] : 0x00 (0) [769] : 0x00 (0) [770] : 0x00 (0) [771] : 0x00 (0) [772] : 0x00 (0) [773] : 0x00 (0) [774] : 0x00 (0) [775] : 0x00 (0) [776] : 0x00 (0) [777] : 0x00 (0) [778] : 0x00 (0) [779] : 0x00 (0) [780] : 0x00 (0) [781] : 0x00 (0) [782] : 0x00 (0) [783] : 0x00 (0) [784] : 0x00 (0) [785] : 0x00 (0) [786] : 0x00 (0) [787] : 0x00 (0) [788] : 0x00 (0) [789] : 0x00 (0) [790] : 0x00 (0) [791] : 0x00 (0) [792] : 0x00 (0) [793] : 0x00 (0) [794] : 0x00 (0) [795] : 0x00 (0) [796] : 0x00 (0) [797] : 0x00 (0) [798] : 0x00 (0) [799] : 0x00 (0) [800] : 0x00 (0) [801] : 0x00 (0) [802] : 0x00 (0) [803] : 0x00 (0) [804] : 0x00 (0) [805] : 0x00 (0) [806] : 0x00 (0) [807] : 0x00 (0) [808] : 0x00 (0) [809] : 0x00 (0) [810] : 0x00 (0) [811] : 0x00 (0) [812] : 0x00 (0) [813] : 0x00 (0) [814] : 0x00 (0) [815] : 0x00 (0) [816] : 0x00 (0) [817] : 0x00 (0) [818] : 0x00 (0) [819] : 0x00 (0) [820] : 0x00 (0) [821] : 0x00 (0) [822] : 0x00 (0) [823] : 0x00 (0) [824] : 0x00 (0) [825] : 0x00 (0) [826] : 0x00 (0) [827] : 0x00 (0) [828] : 0x00 (0) [829] : 0x00 (0) [830] : 0x00 (0) [831] : 0x00 (0) [832] : 0x00 (0) [833] : 0x00 (0) [834] : 0x00 (0) [835] : 0x00 (0) [836] : 0x00 (0) [837] : 0x00 (0) [838] : 0x00 (0) [839] : 0x00 (0) [840] : 0x00 (0) [841] : 0x00 (0) [842] : 0x00 (0) [843] : 0x00 (0) [844] : 0x00 (0) [845] : 0x00 (0) [846] : 0x00 (0) [847] : 0x00 (0) [848] : 0x00 (0) [849] : 0x00 (0) [850] : 0x00 (0) [851] : 0x00 (0) [852] : 0x00 (0) [853] : 0x00 (0) [854] : 0x00 (0) [855] : 0x00 (0) [856] : 0x00 (0) [857] : 0x00 (0) [858] : 0x00 (0) [859] : 0x00 (0) [860] : 0x00 (0) [861] : 0x00 (0) [862] : 0x00 (0) [863] : 0x00 (0) [864] : 0x00 (0) [865] : 0x00 (0) [866] : 0x00 (0) [867] : 0x00 (0) [868] : 0x00 (0) [869] : 0x00 (0) [870] : 0x00 (0) [871] : 0x00 (0) [872] : 0x00 (0) [873] : 0x00 (0) [874] : 0x00 (0) [875] : 0x00 (0) [876] : 0x00 (0) [877] : 0x00 (0) [878] : 0x00 (0) [879] : 0x00 (0) [880] : 0x00 (0) [881] : 0x00 (0) [882] : 0x00 (0) [883] : 0x00 (0) [884] : 0x00 (0) [885] : 0x00 (0) [886] : 0x00 (0) [887] : 0x00 (0) [888] : 0x00 (0) [889] : 0x00 (0) [890] : 0x00 (0) [891] : 0x00 (0) [892] : 0x00 (0) [893] : 0x00 (0) [894] : 0x00 (0) [895] : 0x00 (0) [896] : 0x00 (0) [897] : 0x00 (0) [898] : 0x00 (0) [899] : 0x00 (0) [900] : 0x00 (0) [901] : 0x00 (0) [902] : 0x00 (0) [903] : 0x00 (0) [904] : 0x00 (0) [905] : 0x00 (0) [906] : 0x00 (0) [907] : 0x00 (0) [908] : 0x00 (0) [909] : 0x00 (0) [910] : 0x00 (0) [911] : 0x00 (0) [912] : 0x00 (0) [913] : 0x00 (0) [914] : 0x00 (0) [915] : 0x00 (0) [916] : 0x00 (0) [917] : 0x00 (0) [918] : 0x00 (0) [919] : 0x00 (0) [920] : 0x00 (0) [921] : 0x00 (0) [922] : 0x00 (0) [923] : 0x00 (0) [924] : 0x00 (0) [925] : 0x00 (0) [926] : 0x00 (0) [927] : 0x00 (0) [928] : 0x00 (0) [929] : 0x00 (0) [930] : 0x00 (0) [931] : 0x00 (0) [932] : 0x00 (0) [933] : 0x00 (0) [934] : 0x00 (0) [935] : 0x00 (0) [936] : 0x00 (0) [937] : 0x00 (0) [938] : 0x00 (0) [939] : 0x00 (0) [940] : 0x00 (0) [941] : 0x00 (0) [942] : 0x00 (0) [943] : 0x00 (0) [944] : 0x00 (0) [945] : 0x00 (0) [946] : 0x00 (0) [947] : 0x00 (0) [948] : 0x00 (0) [949] : 0x00 (0) [950] : 0x00 (0) [951] : 0x00 (0) [952] : 0x00 (0) [953] : 0x00 (0) [954] : 0x00 (0) [955] : 0x00 (0) [956] : 0x00 (0) [957] : 0x00 (0) [958] : 0x00 (0) [959] : 0x00 (0) [960] : 0x00 (0) [961] : 0x00 (0) [962] : 0x00 (0) [963] : 0x00 (0) [964] : 0x00 (0) [965] : 0x00 (0) [966] : 0x00 (0) [967] : 0x00 (0) [968] : 0x00 (0) [969] : 0x00 (0) [970] : 0x00 (0) [971] : 0x00 (0) [972] : 0x00 (0) [973] : 0x00 (0) [974] : 0x00 (0) [975] : 0x00 (0) [976] : 0x00 (0) [977] : 0x00 (0) [978] : 0x00 (0) [979] : 0x00 (0) [980] : 0x00 (0) [981] : 0x00 (0) [982] : 0x00 (0) [983] : 0x00 (0) [984] : 0x00 (0) [985] : 0x00 (0) [986] : 0x00 (0) [987] : 0x00 (0) [988] : 0x00 (0) [989] : 0x00 (0) [990] : 0x00 (0) [991] : 0x00 (0) [992] : 0x00 (0) [993] : 0x00 (0) [994] : 0x00 (0) [995] : 0x00 (0) [996] : 0x00 (0) [997] : 0x00 (0) [998] : 0x00 (0) [999] : 0x00 (0) [1000] : 0x00 (0) [1001] : 0x00 (0) [1002] : 0x00 (0) [1003] : 0x00 (0) [1004] : 0x00 (0) [1005] : 0x00 (0) [1006] : 0x00 (0) [1007] : 0x00 (0) [1008] : 0x00 (0) [1009] : 0x00 (0) [1010] : 0x00 (0) [1011] : 0x00 (0) [1012] : 0x00 (0) [1013] : 0x00 (0) [1014] : 0x00 (0) [1015] : 0x00 (0) [1016] : 0x00 (0) [1017] : 0x00 (0) [1018] : 0x00 (0) [1019] : 0x00 (0) [1020] : 0x00 (0) [1021] : 0x00 (0) [1022] : 0x00 (0) [1023] : 0x00 (0) needed : * needed : 0x00000000 (0) result : WERR_INVALID_PARAM [2013/11/07 14:25:04.497654, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.497788, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.497878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 1068 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 1084 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.498410, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 1084 [2013/11/07 14:25:04.498493, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.498579, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.498663, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1040. [2013/11/07 14:25:04.498783, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0428 (1064) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000410 (1040) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1040 [0000] 04 00 02 00 00 04 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0400] 00 00 00 00 00 00 00 00 00 00 00 00 57 00 00 00 ........ ....W... [2013/11/07 14:25:04.504077, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. There is more data outstanding [2013/11/07 14:25:04.504159, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 1024 is_data_outstanding = 1, status = NT_STATUS_OK [2013/11/07 14:25:04.504247, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 1024 status STATUS_BUFFER_OVERFLOW [2013/11/07 14:25:04.504331, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[STATUS_BUFFER_OVERFLOW] body[48] dyn[yes:1024] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.504449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/295/127 [2013/11/07 14:25:04.504701, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.504790, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 295 (position 295) from bitmap [2013/11/07 14:25:04.504875, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 295 [2013/11/07 14:25:04.505000, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.505099, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 2678084748 [2013/11/07 14:25:04.505196, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.505299, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.505388, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key E05A5C03 [2013/11/07 14:25:04.505487, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb836d4f0 [2013/11/07 14:25:04.505584, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key E05A5C03 [2013/11/07 14:25:04.505667, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.505746, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.505852, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 2678084748 (9 used) [2013/11/07 14:25:04.505976, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:04.506064, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/296/127 [2013/11/07 14:25:04.507310, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.507624, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 296 (position 296) from bitmap [2013/11/07 14:25:04.507841, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_READ] mid = 296 [2013/11/07 14:25:04.508100, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.508319, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 296, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.508607, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_read.c:400(smbd_smb2_read_send) smbd_smb2_read: spoolss - fnum 3864993587 [2013/11/07 14:25:04.508829, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 40 [2013/11/07 14:25:04.509063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:326(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 1064, current_pdu_sent = 1024 returning 40 bytes. [2013/11/07 14:25:04.509434, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 48 req->in.vector[4].iov_len = 1 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.510838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 40 bytes. There is more data outstanding [2013/11/07 14:25:04.511050, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[16] dyn[yes:40] at ../source3/smbd/smb2_read.c:154 [2013/11/07 14:25:04.511265, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/297/127 [2013/11/07 14:25:04.513169, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.513639, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 297 (position 297) from bitmap [2013/11/07 14:25:04.513879, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 297 [2013/11/07 14:25:04.514742, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.514967, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 297, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.515195, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3864993587 [2013/11/07 14:25:04.515433, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 150 [2013/11/07 14:25:04.515635, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 150 [2013/11/07 14:25:04.515876, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 150 [2013/11/07 14:25:04.516078, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 150 [2013/11/07 14:25:04.516592, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 150, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.516836, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.517035, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 134 [2013/11/07 14:25:04.517234, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 134 [2013/11/07 14:25:04.517478, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.517737, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 134 [2013/11/07 14:25:04.517938, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 134, incoming data = 134 [2013/11/07 14:25:04.518164, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.518388, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0096 (150) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000007e (126) context_id : 0x0000 (0) opnum : 0x0011 (17) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=126 [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 01 00 00 00 01 00 00 00 00 00 02 00 .,...... ........ [0020] 04 00 02 00 00 00 00 00 08 00 02 00 13 00 00 00 ........ ........ [0030] 00 00 00 00 13 00 00 00 4E 00 65 00 75 00 65 00 ........ N.e.u.e. [0040] 73 00 20 00 54 00 65 00 78 00 74 00 64 00 6F 00 s. .T.e. x.t.d.o. [0050] 6B 00 75 00 6D 00 65 00 6E 00 74 00 00 00 00 00 k.u.m.e. n.t..... [0060] 09 00 00 00 00 00 00 00 09 00 00 00 58 00 50 00 ........ ....X.P. [0070] 53 00 5F 00 50 00 41 00 53 00 53 00 00 00 S._.P.A. S.S... [2013/11/07 14:25:04.522403, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.522615, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.522825, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.523068, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.523276, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.524601, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.525599, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.525815, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x11 - api_rpcTNP: rpc command: SPOOLSS_STARTDOCPRINTER [2013/11/07 14:25:04.526028, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[17].fn == 0xb766c3f0 [2013/11/07 14:25:04.526330, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter in: struct spoolss_StartDocPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c0-0000-0000-7b52-ac947f2c0000 info_ctr : * info_ctr: struct spoolss_DocumentInfoCtr level : 0x00000001 (1) info : union spoolss_DocumentInfo(case 1) info1 : * info1: struct spoolss_DocumentInfo1 document_name : * document_name : 'Neues Textdokument' output_file : NULL datatype : * datatype : 'XPS_PASS' [2013/11/07 14:25:04.528243, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.528778, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_StartDocPrinter: struct spoolss_StartDocPrinter out: struct spoolss_StartDocPrinter job_id : * job_id : 0x00000000 (0) result : WERR_INVALID_DATATYPE [2013/11/07 14:25:04.529485, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.529743, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.529952, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 134 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 150 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.531182, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 150 [2013/11/07 14:25:04.531405, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1064 [2013/11/07 14:25:04.531650, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1064 [2013/11/07 14:25:04.531859, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 8. [2013/11/07 14:25:04.532095, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0020 (32) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000008 (8) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=8 [0000] 00 00 00 00 0C 07 00 00 ........ [2013/11/07 14:25:04.533851, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:04.533960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 32 bytes. There is no more data outstanding [2013/11/07 14:25:04.534041, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 32 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.534128, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 32 status NT_STATUS_OK [2013/11/07 14:25:04.534211, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:32] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.534297, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/298/127 [2013/11/07 14:25:04.539663, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.539995, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 298 (position 298) from bitmap [2013/11/07 14:25:04.540658, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 298 [2013/11/07 14:25:04.541390, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.541855, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 298, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.542075, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3864993587 [2013/11/07 14:25:04.542710, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:04.542920, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:04.543127, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:04.543348, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:04.543551, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.543757, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.543955, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.544154, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:04.544363, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.544638, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.544838, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:04.545047, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.545272, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.546365, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.546514, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.546603, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.546697, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.546782, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.547401, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.547749, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.547868, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:04.547955, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:04.548042, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001c0-0000-0000-7b52-ac947f2c0000 [2013/11/07 14:25:04.548330, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.548550, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.548701, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 C0 01 00 00 00 00 00 00 7B 52 AC 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.548850, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.548934, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.549298, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.549560, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.549647, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.550151, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:04.550234, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1064 [2013/11/07 14:25:04.550319, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1064 [2013/11/07 14:25:04.550402, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.550501, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:04.551431, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:04.551538, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.551618, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.551707, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.551805, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.551893, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/299/127 [2013/11/07 14:25:04.552103, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.552190, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 299 (position 299) from bitmap [2013/11/07 14:25:04.552274, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 299 [2013/11/07 14:25:04.552376, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.552510, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 299, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.552593, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 736039724 [2013/11/07 14:25:04.552681, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:04.552800, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:04.552884, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:04.552965, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:04.553046, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.553128, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.553207, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.553310, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:04.553394, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.553474, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.553553, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:04.553653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.553740, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.554745, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.554826, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.554908, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.554997, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.555079, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.555559, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.555896, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.555981, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:04.556066, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:04.556149, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001af-0000-0000-7b52-ab947f2c0000 [2013/11/07 14:25:04.556483, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.556637, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.556787, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 AF 01 00 00 00 00 00 00 7B 52 AB 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.556936, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.557018, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.557369, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.557463, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.557546, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.558031, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:04.558114, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 4136 [2013/11/07 14:25:04.558197, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 4136 [2013/11/07 14:25:04.558280, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.558373, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000007 (7) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:04.559311, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:04.559412, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.559492, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.559577, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.559660, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.559745, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/300/127 [2013/11/07 14:25:04.559918, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.560004, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 300 (position 300) from bitmap [2013/11/07 14:25:04.560091, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 300 [2013/11/07 14:25:04.560187, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.560275, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 300, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.560357, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 3234007461 [2013/11/07 14:25:04.560490, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:04.560571, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:04.560653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:04.560749, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:04.560829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.560911, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.560990, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.561069, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:04.561152, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.561231, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.561324, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:04.561407, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.561493, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 F6 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.562679, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.562761, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.563038, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.563133, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.563231, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.563721, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.564057, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.564143, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:04.564227, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:04.564311, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001f6-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.564634, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[3] [0000] 00 00 00 00 F6 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.564787, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[3] [0000] 00 00 00 00 F6 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.564937, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[3] [0000] 00 00 00 00 F6 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.565086, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.565168, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.565510, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.565603, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.565687, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.566185, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:04.566268, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.566351, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.566434, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.566526, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:04.567517, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:04.567619, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.567699, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.567785, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.567868, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.567952, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/301/127 [2013/11/07 14:25:04.568142, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.568228, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 301 (position 301) from bitmap [2013/11/07 14:25:04.568311, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 301 [2013/11/07 14:25:04.568446, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.568540, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 3864993587 [2013/11/07 14:25:04.568675, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.568757, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.568844, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 719E44C0 [2013/11/07 14:25:04.568943, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7cf7bc8 [2013/11/07 14:25:04.569039, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 719E44C0 [2013/11/07 14:25:04.569122, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.569201, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.569338, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 3864993587 (8 used) [2013/11/07 14:25:04.569449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:04.569534, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/302/127 [2013/11/07 14:25:04.570449, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.570563, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 302 (position 302) from bitmap [2013/11/07 14:25:04.570647, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 302 [2013/11/07 14:25:04.570751, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.570840, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 736039724 [2013/11/07 14:25:04.570929, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.571031, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.571117, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key DCB666EF [2013/11/07 14:25:04.571207, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7cf7d08 [2013/11/07 14:25:04.571298, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key DCB666EF [2013/11/07 14:25:04.571388, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.571468, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.571569, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 736039724 (7 used) [2013/11/07 14:25:04.571673, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:04.571758, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/303/127 [2013/11/07 14:25:04.573308, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.573423, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 303 (position 303) from bitmap [2013/11/07 14:25:04.573507, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 303 [2013/11/07 14:25:04.573604, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.573692, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 3234007461 [2013/11/07 14:25:04.573781, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.573861, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.573946, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 1915BB6F [2013/11/07 14:25:04.574035, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7cf7bc8 [2013/11/07 14:25:04.574127, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 1915BB6F [2013/11/07 14:25:04.574210, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.574299, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.574402, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 3234007461 (6 used) [2013/11/07 14:25:04.574527, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:04.574612, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/304/127 [2013/11/07 14:25:04.576030, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.576620, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 304 (position 304) from bitmap [2013/11/07 14:25:04.577080, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 304 [2013/11/07 14:25:04.577649, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.577986, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 304, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.578212, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 2125638432 [2013/11/07 14:25:04.578456, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:04.578677, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:04.578899, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:04.579099, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:04.579317, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.579523, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.579720, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.579939, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:04.580145, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.580362, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.580653, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:04.580905, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.581126, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 FB 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.583814, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.584020, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.584245, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.584597, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.584827, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.586075, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.586936, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.587150, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:04.587362, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:04.587572, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 000001fb-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.588331, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[2] [0000] 00 00 00 00 FB 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.588856, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[2] [0000] 00 00 00 00 FB 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.589336, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[2] [0000] 00 00 00 00 FB 01 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.589708, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.589934, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.590739, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.590992, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.591203, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.592619, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:04.592831, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.593057, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.593266, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.593510, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:04.594462, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:04.594567, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.594647, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.594733, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.594816, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.594902, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/305/127 [2013/11/07 14:25:04.595100, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.595196, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 305 (position 305) from bitmap [2013/11/07 14:25:04.595280, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 305 [2013/11/07 14:25:04.595377, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.595464, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 305, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.595546, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1658646469 [2013/11/07 14:25:04.595634, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:04.595714, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:04.595805, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:04.595900, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:04.595981, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.596063, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.596142, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.596221, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:04.596303, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.596382, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.596552, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:04.596645, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.596733, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 83 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.597796, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.597878, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.597961, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.598050, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.598146, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.598636, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.598974, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.599059, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:04.599144, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:04.599227, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000183-0000-0000-7b52-aa947f2c0000 [2013/11/07 14:25:04.599517, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 83 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.599669, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 83 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.599818, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[4] [0000] 00 00 00 00 83 01 00 00 00 00 00 00 7B 52 AA 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.599966, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.600048, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.600368, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.600518, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.600602, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.601119, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:04.601201, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.601305, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.601390, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.601483, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:04.602466, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:04.602578, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.602659, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.602744, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.602827, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.602912, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/306/127 [2013/11/07 14:25:04.603100, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.603198, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 306 (position 306) from bitmap [2013/11/07 14:25:04.603281, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 306 [2013/11/07 14:25:04.603382, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.603470, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 306, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.603551, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1638331504 [2013/11/07 14:25:04.603638, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:04.603718, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:04.603800, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:04.603879, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:04.603960, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.604041, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.604120, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.604199, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:04.604282, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.604360, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.604484, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:04.604567, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.604665, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 00 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.605747, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.605829, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.605911, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.606000, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.606082, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.606559, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.606905, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.606990, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:04.607075, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:04.607158, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000200-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.607447, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 00 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.607608, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 00 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.607771, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[1] [0000] 00 00 00 00 00 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.607919, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.608001, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.608319, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.608452, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.608549, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.609031, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:04.609113, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.609196, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.609300, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.609423, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:04.610385, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:04.610486, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.610566, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.610651, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.610733, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.610818, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/307/127 [2013/11/07 14:25:04.610990, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.611076, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 307 (position 307) from bitmap [2013/11/07 14:25:04.611158, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_IOCTL] mid = 307 [2013/11/07 14:25:04.611255, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.611353, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1796(smbd_smb2_request_verify_creditcharge) mid 307, CreditCharge: 1, NeededCharge: 1 [2013/11/07 14:25:04.611435, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:394(smbd_smb2_ioctl_send) smbd_smb2_ioctl: ctl_code[0x0011c017] spoolss, fnum 1873038992 [2013/11/07 14:25:04.611522, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:59(smb2_ioctl_named_pipe) smbd_smb2_ioctl_send: np_write_send of size 44 [2013/11/07 14:25:04.611602, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2013/11/07 14:25:04.611683, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 44 [2013/11/07 14:25:04.611762, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2013/11/07 14:25:04.611843, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:51(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2013/11/07 14:25:04.611925, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 16 [2013/11/07 14:25:04.612018, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.612098, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2013/11/07 14:25:04.612189, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 0 [2013/11/07 14:25:04.612269, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:243(write_to_internal_pipe) write_to_pipe: data_left = 28 [2013/11/07 14:25:04.616440, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:139(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2013/11/07 14:25:04.616537, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1614(process_complete_pdu) PDU is in Little Endian format! [2013/11/07 14:25:04.616626, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 0A 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.617818, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu) Processing packet type 0 [2013/11/07 14:25:04.617901, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request) Checking request auth. [2013/11/07 14:25:04.617995, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:216(push_sec_ctx) push_sec_ctx(2016, 5001) : sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.618097, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:316(set_sec_ctx) setting sec ctx (2016, 5001) - sec_ctx_stack_ndx = 1 [2013/11/07 14:25:04.618219, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (7): SID[ 0]: S-1-5-21-1094127309-486540266-3527182606-1118 SID[ 1]: S-1-5-21-1094127309-486540266-3527182606-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-32-545 SID[ 6]: S-1-5-32-554 Privileges (0x 800000): Privilege[ 0]: SeChangeNotifyPrivilege Rights (0x 400): Right[ 0]: SeRemoteInteractiveLogonRight [2013/11/07 14:25:04.618734, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/auth/token_util.c:528(debug_unix_user_token) UNIX token of user 2016 Primary group is 5001 and contains 6 supplementary groups Group[ 0]: 5001 Group[ 1]: 5012 Group[ 2]: 5032 Group[ 3]: 5010 Group[ 4]: 5067 Group[ 5]: 5052 [2013/11/07 14:25:04.619099, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1324(api_pipe_request) Requested \spoolss rpc service [2013/11/07 14:25:04.619185, 4, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1356(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2013/11/07 14:25:04.619280, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1390(api_rpcTNP) api_rpc_cmds[29].fn == 0xb766a170 [2013/11/07 14:25:04.619365, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000020a-0000-0000-7b52-b0947f2c0000 [2013/11/07 14:25:04.619646, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.619799, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.619948, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:337(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0A 02 00 00 00 00 00 00 7B 52 B0 94 ........ ....{R.. [0010] 7F 2C 00 00 .,.. [2013/11/07 14:25:04.620095, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:386(close_policy_hnd) Closed policy [2013/11/07 14:25:04.620187, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:333(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2013/11/07 14:25:04.624578, 5, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1417(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2013/11/07 14:25:04.624680, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/sec_ctx.c:424(pop_sec_ctx) pop_sec_ctx (2016, 5001) - sec_ctx_stack_ndx = 0 [2013/11/07 14:25:04.624766, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:248(write_to_internal_pipe) write_to_pipe: data_used = 28 smbd_smb2_request_pending_queue: req->current_idx = 1 req->in.vector[0].iov_len = 0 req->in.vector[1].iov_len = 0 req->in.vector[2].iov_len = 64 req->in.vector[3].iov_len = 56 req->in.vector[4].iov_len = 44 req->out.vector[0].iov_len = 4 req->out.vector[1].iov_len = 0 req->out.vector[2].iov_len = 64 req->out.vector[3].iov_len = 8 req->out.vector[4].iov_len = 0 [2013/11/07 14:25:04.625276, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:128(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: received 44 [2013/11/07 14:25:04.625390, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:149(smbd_smb2_ioctl_pipe_write_done) smbd_smb2_ioctl_pipe_write_done: issuing np_read_send of size 1024 [2013/11/07 14:25:04.625485, 6, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:285(read_from_internal_pipe) name: \spoolss len: 1024 [2013/11/07 14:25:04.625568, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:347(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2013/11/07 14:25:04.625665, 1, pid=11391, effective(2016, 5001), real(2016, 0)] ../librpc/ndr/ndr.c:296(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2013/11/07 14:25:04.626606, 3, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:122(free_pipe_context) free_pipe_context: destroying talloc pool of size 25 [2013/11/07 14:25:04.626711, 10, pid=11391, effective(2016, 5001), real(2016, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2013/11/07 14:25:04.626791, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl_named_pipe.c:178(smbd_smb2_ioctl_pipe_read_done) smbd_smb2_ioctl_pipe_read_done: np_read_recv nread = 48 is_data_outstanding = 0, status = NT_STATUS_OK [2013/11/07 14:25:04.626877, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_ioctl.c:291(smbd_smb2_request_ioctl_done) smbd_smb2_request_ioctl_done: smbd_smb2_ioctl_recv returned 48 status NT_STATUS_OK [2013/11/07 14:25:04.626959, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[48] dyn[yes:48] at ../source3/smbd/smb2_ioctl.c:358 [2013/11/07 14:25:04.627045, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/308/127 [2013/11/07 14:25:04.627239, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.627326, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 308 (position 308) from bitmap [2013/11/07 14:25:04.627421, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 308 [2013/11/07 14:25:04.627539, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.627632, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 2125638432 [2013/11/07 14:25:04.627726, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.627808, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.627905, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 77E530F9 [2013/11/07 14:25:04.627998, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7ac4e58 [2013/11/07 14:25:04.628093, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 77E530F9 [2013/11/07 14:25:04.628186, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.628266, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.628373, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 2125638432 (5 used) [2013/11/07 14:25:04.632557, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:04.632646, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/309/127 [2013/11/07 14:25:04.635732, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.635823, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 309 (position 309) from bitmap [2013/11/07 14:25:04.635907, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 309 [2013/11/07 14:25:04.635999, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.636112, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 1658646469 [2013/11/07 14:25:04.636203, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.636284, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.636370, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 3C672C94 [2013/11/07 14:25:04.636499, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7cf7d08 [2013/11/07 14:25:04.636592, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 3C672C94 [2013/11/07 14:25:04.636694, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.636774, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.636880, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 1658646469 (4 used) [2013/11/07 14:25:04.636987, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:04.637072, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/310/127 [2013/11/07 14:25:04.638300, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.638390, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 310 (position 310) from bitmap [2013/11/07 14:25:04.638520, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 310 [2013/11/07 14:25:04.638613, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.638709, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 1638331504 [2013/11/07 14:25:04.638798, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.638879, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.638965, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key C405B9A3 [2013/11/07 14:25:04.639054, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7cf7bc8 [2013/11/07 14:25:04.639147, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key C405B9A3 [2013/11/07 14:25:04.639230, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.639310, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.639410, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 1638331504 (3 used) [2013/11/07 14:25:04.639526, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:04.639613, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/311/127 [2013/11/07 14:25:04.642003, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:3256(smbd_smb2_request_incoming) smbd_smb2_request_incoming: idx[1] of 5 vectors [2013/11/07 14:25:04.642096, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:620(smb2_validate_sequence_number) smb2_validate_sequence_number: clearing id 311 (position 311) from bitmap [2013/11/07 14:25:04.642180, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:1894(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CLOSE] mid = 311 [2013/11/07 14:25:04.642272, 4, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/uid.c:384(change_to_user) Skipping user change - already user [2013/11/07 14:25:04.642360, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_close.c:185(smbd_smb2_close) smbd_smb2_close: spoolss - fnum 1873038992 [2013/11/07 14:25:04.642449, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order) check lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.642542, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/var/run/samba/smbXsrv_open_global.tdb 2: 3: [2013/11/07 14:25:04.642628, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Locking key 4FA9A405 [2013/11/07 14:25:04.642715, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal) Allocated locked data 0x0xb7ac4e58 [2013/11/07 14:25:04.642807, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key) Unlocking key 4FA9A405 [2013/11/07 14:25:04.642890, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor) release lock order 1 for /var/run/samba/smbXsrv_open_global.tdb [2013/11/07 14:25:04.642969, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1: 2: 3: [2013/11/07 14:25:04.643070, 5, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/files.c:525(file_free) freed files structure 1873038992 (2 used) [2013/11/07 14:25:04.643175, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[60] dyn[no:0] at ../source3/smbd/smb2_close.c:139 [2013/11/07 14:25:04.643259, 10, pid=11391, effective(2016, 5001), real(2016, 0)] ../source3/smbd/smb2_server.c:873(smb2_set_operation_credit) smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 386/512, total granted/max/low/range 127/8192/312/127