If you’ve been following my blog you know I use .logopen and .logclose quite a lot, mainly in PowerDbg. Using these pairs of commands you can save a log file that has all output from the debugger.
.logopen [Options] [FileName]
/t Appends the process ID with the current date and time to the log file name. This data is inserted after the file name and before the file name extension.
/u Writes the log file in Unicode format. If you omit this option, the debugger writes the log file in ASCII (ANSI) format.
/d Automatically chooses a file name based on the name of the target process or target computer and the state of the target. The file always has the .log file name extension.
.logclose closes the log file.
Let’s see some examples:
Now let’s suppose you want to save just the commands. To do that you should use:
Tip: With this command you can learn from others’ debugging sessions! Remember, when using this command the history is cumulative as you can see from the screenshots below.
Here you can see scripts that use logging.