Appendix C. Sample session history (history.txt)
(Note: this session history was made with the pre-release version of ComLog. The same commands would now produce a slightly different result.)
Sun Aug 4 04:31:09 2002
Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.
Sun Aug 4 04:31:09 2002
D:\commandlog>dir
Sun Aug 4 04:31:15 2002
Volume in drive D is D
Volume Serial Number is 0480-D01C
Directory of D:\commandlog
08/04/02 04:31a <DIR> .
08/04/02 04:31a <DIR> ..
08/04/02 04:26a 655,520 cmd.exe
08/04/02 04:20a 8,726 comlog.pl
08/04/02 04:10a 18,433 comlog.txt
05/13/02 02:42p 1,506 command logger.txt
02/11/02 11:47a 971 pseudo code.txt
08/04/02 04:28a 583 Shortcut to cmd.exe.lnk
05/30/02 02:04p 35 systempath.txt
07/21/02 03:27p 878 test.txt
12 File(s) 894,939 bytes
489,010,688 bytes free
Sun Aug 4 04:31:15 2002
D:\commandlog>echo "There is a copy of cm_.exe and history.txt in here, but we don't see it"
Sun Aug 4 04:32:02 2002
Sun Aug 4 04:32:02 2002
D:\commandlog>echo "That last message didn't echo because it contained the fobidden words"
Sun Aug 4 04:32:31 2002
"That last message didn't echo because it contained the fobidden words"
Sun Aug 4 04:32:31 2002
D:\commandlog>cd ..
Sun Aug 4 04:32:35 2002
Sun Aug 4 04:32:35 2002
D:\>dir
Sun Aug 4 04:32:36 2002
Volume in drive D is D
Volume Serial Number is 0480-D01C
Directory of D:\
08/04/02 04:31a <DIR> commandlog
06/25/02 12:57p <DIR> Dev
12/25/00 09:34p <DIR> downloads
08/04/02 04:20a <DIR> Log
08/04/02 04:21a <DIR> LogAgent 2.0
01/02/01 03:57p <DIR> movies
07/24/01 12:59p <DIR> Musique
08/04/02 02:42a <DIR> NONE
06/25/02 01:59p <DIR> NTRESKIT
08/04/02 02:59a 67,108,864 pagefile.sys
05/20/01 06:10a <DIR> Program Files
08/04/02 04:31a <DIR> TEMP
04/30/02 02:33p <DIR> Test
10/15/00 04:06p <DIR> VIRUSES
05/24/02 06:22p <DIR> WINNT
05/24/02 06:22p 92 WINNTdun.bat
16 File(s) 67,108,956 bytes
489,009,152 bytes free
Sun Aug 4 04:32:37 2002
D:\>ipconfig
Sun Aug 4 04:32:43 2002
Windows NT IP Configuration
Ethernet adapter DE5284:
IP Address. . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . : 192.168.0.1
PPP adapter NdisWan3:
IP Address. . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . :
Sun Aug 4 04:32:43 2002
D:\>net share
Sun Aug 4 04:32:47 2002
Share name Resource Remark
--------------------------------------------------------------------------------
IPC$ Remote IPC
C$ C:\ Default share
D$ D:\ Default share
G$ G:\ Default share
Log$ D:\Log
ADMIN$ D:\WINNT Remote Admin
Log D:\Log
The command completed successfully.
Sun Aug 4 04:32:47 2002
D:\>dir \log >> dirlog.txt
Sun Aug 4 04:33:52 2002
Sun Aug 4 04:33:52 2002
D:\>echo "The user see no display because he sent the output to a file"
Sun Aug 4 04:34:39 2002
"The user see no display because he sent the output to a file"
Sun Aug 4 04:34:39 2002
D:\>type dirlog.txt
Sun Aug 4 04:34:45 2002
Volume in drive D is D
Volume Serial Number is 0480-D01C
Directory of D:\log
08/04/02 04:20a <DIR> .
08/04/02 04:20a <DIR> ..
04/30/02 02:37p 3,819 adam.log
09/25/00 08:31p 373 bind.log
05/20/01 05:46a 6,917 getright.log
08/04/02 02:50a 131,546 IAMDB.RDB
09/25/00 08:31p 41 restart.log
08/04/02 04:20a 177 Scan Viruses.lnk
09/25/00 08:31p 36 shutdown.log
09/25/00 08:31p 104 startup.log
04/29/02 02:56p 218 test.bat
04/30/02 02:33p 3,721 test.txt
07/24/01 11:26a 5,553 ZALog.txt
14 File(s) 153,044 bytes
489,005,568 bytes free
Sun Aug 4 04:34:46 2002
D:\>dir
Sun Aug 4 04:34:51 2002
Volume in drive D is D
Volume Serial Number is 0480-D01C
Directory of D:\
08/04/02 04:31a <DIR> commandlog
06/25/02 12:57p <DIR> Dev
08/04/02 04:33a 886 dirlog.txt
12/25/00 09:34p <DIR> downloads
08/04/02 04:20a <DIR> Log
08/04/02 04:21a <DIR> LogAgent 2.0
01/02/01 03:57p <DIR> movies
07/24/01 12:59p <DIR> Musique
08/04/02 02:42a <DIR> NONE
06/25/02 01:59p <DIR> NTRESKIT
08/04/02 02:59a 67,108,864 pagefile.sys
05/20/01 06:10a <DIR> Program Files
08/04/02 04:31a <DIR> TEMP
04/30/02 02:33p <DIR> Test
10/15/00 04:06p <DIR> VIRUSES
05/24/02 06:22p <DIR> WINNT
05/24/02 06:22p 92 WINNTdun.bat
17 File(s) 67,109,842 bytes
489,004,544 bytes free
Sun Aug 4 04:34:51 2002
D:\>cd commandlog
Sun Aug 4 04:34:57 2002
Sun Aug 4 04:34:57 2002
D:\commandlog>dir
Sun Aug 4 04:34:59 2002
Volume in drive D is D
Volume Serial Number is 0480-D01C
Directory of D:\commandlog
08/04/02 04:31a <DIR> .
08/04/02 04:31a <DIR> ..
08/04/02 04:26a 655,520 cmd.exe
08/04/02 04:20a 8,726 comlog.pl
08/04/02 04:10a 18,433 comlog.txt
05/13/02 02:42p 1,506 command logger.txt
02/11/02 11:47a 971 pseudo code.txt
08/04/02 04:28a 583 Shortcut to cmd.exe.lnk
05/30/02 02:04p 35 systempath.txt
07/21/02 03:27p 878 test.txt
12 File(s) 900,833 bytes
489,003,520 bytes free
Sun Aug 4 04:34:59 2002
D:\commandlog>copy cmd.exe root.exe
Sun Aug 4 04:35:44 2002
1 file(s) copied.
Sun Aug 4 04:35:44 2002
D:\commandlog>exit
Sun Aug 4 04:35:50 2002