Re: Converting a Registry Time Stamp to a Unix Time Code
"Le Tubs" wrote:
What kind of software writes these timestamps? What is the original format of timestamps before they are written to the Registry?
It's Norton AntiVirus that writes these timestamps; as a result I have no idea what format these timestamps are in before they are written to the registry. Yes, my REG_BIN is actually REG_BINARY. If you're wondering why, we have a great deal of laptops & road warriors and as such we are trying to ensure that they have the updated virus definitions & have run a scan within a certain period of time before they connect to the internal corporate network, otherwise we ban them from certain parts of the network.
First of all, I'd check whether NA provides a more elegant way to achieve your goals. Reverse engineering registry entries looks like a dirty hack, which is not guaranteed to work in the future. Anyway, from the sample value you provided in the original post it seems that NA stores a SYSTEMTIME struct there. I just can't think about anything else that could be 16 bytes long and represent time on Windows. There's always an opportunity that besides the timestamp there is something else in that value. Only NA authors know for sure.
I just tried to interpret the bytes from the original post as SYSTEMTIME and it renders the date: "Sunday, 13 November 2006, 11:37:03". The date looks good, except that 13 Nov 2006 is Monday, not Sunday. So, my assumption regarding SYSTEMTIME can be wrong.
In order to convert SYSTEMTIME into time_t, do the reverse operation of what is described here:
KB167296 - "How To Convert a UNIX time_t to a Win32 FILETIME or SYSTEMTIME"
http://support.microsoft.com/kb/167296/
HTH
Alex
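
An added example, not part of the original thread: decoding a 16-byte REG_BINARY value as a SYSTEMTIME and converting it to Unix time, with the day-of-week consistency check that the reply above performs by hand. The function names are hypothetical, the sample bytes are constructed (the original post's bytes are not shown here), and the code assumes the value holds exactly one SYSTEMTIME expressed in UTC.

```python
import struct
from datetime import datetime, timezone

# SYSTEMTIME is eight little-endian 16-bit WORDs:
# wYear, wMonth, wDayOfWeek, wDay, wHour, wMinute, wSecond, wMilliseconds
SYSTEMTIME_FMT = "<8H"


def parse_systemtime(blob):
    """Return (datetime, dow_consistent) for a 16-byte SYSTEMTIME blob."""
    if len(blob) != struct.calcsize(SYSTEMTIME_FMT):
        raise ValueError("expected 16 bytes, got %d" % len(blob))
    year, month, dow, day, hour, minute, second, ms = struct.unpack(
        SYSTEMTIME_FMT, blob)
    try:
        # Assumption: the stored time is UTC. If the writer used local
        # time, the result is off by that machine's UTC offset.
        dt = datetime(year, month, day, hour, minute, second,
                      ms * 1000, tzinfo=timezone.utc)
    except ValueError as exc:
        # Out-of-range fields mean the bytes are not a SYSTEMTIME.
        raise ValueError("not a plausible SYSTEMTIME: %s" % exc) from exc
    # SYSTEMTIME counts 0 = Sunday; datetime.weekday() counts 0 = Monday.
    expected_dow = (dt.weekday() + 1) % 7
    return dt, dow == expected_dow


def systemtime_to_unix(blob):
    """Return (unix_seconds, dow_consistent)."""
    dt, dow_ok = parse_systemtime(blob)
    return int(dt.timestamp()), dow_ok


# Constructed sample: 13 Nov 2006 11:37:03 with wDayOfWeek = 0 (Sunday),
# mirroring the mismatch described in the reply.
SAMPLE = struct.pack(SYSTEMTIME_FMT, 2006, 11, 0, 13, 11, 37, 3, 0)

if __name__ == "__main__":
    ts, dow_ok = systemtime_to_unix(SAMPLE)
    print(ts, "day-of-week consistent" if dow_ok else "day-of-week MISMATCH")
```

A mismatch flag or a ValueError is a reason to distrust the decoded time before using it in an access decision, since the value may hold a different structure or extra data.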