Welcome!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

SignUp Now!

REGDIR's timestamps

May
12,930
170
Two more things about REGDIR's timestamps ...

1. Any time in 00:00 - 09:59 appears with only one '0' in the hour. That's not my chosen format and I don't see it anywhere else. For example,
Code:
v:\> regdir /t HKCU | grep " 8:55" | head /n 1
2012-06-07  8:55                  Trust Database

2. Assuming I was correct (in another thread) in pointing out that all subkeys show the timestamp of their parent key, then timestamps during standard time differ by one hour from the ones I get with my KEYTIMES or @KEYTIME plugins. For example,
Code:
v:\> echo %@keytime[HKCU\AppEvents]
2013-01-25,12:51:33

v:\> regdir /s1 /t HKCU\AppEvents | grep EventLabels
2013-01-25 13:51    EventLabels

I use the following on the FILETIME from RegQueryKeyInfo.
Code:
BOOL FileTimeToLocalSystemTime(LPFILETIME pft, LPSYSTEMTIME pstLocal)
{
    SYSTEMTIME st;
    if ( FileTimeToSystemTime(pft, &st) && SystemTimeToTzSpecificLocalTime(NULL, &st, pstLocal) )
        return TRUE;
    return FALSE;
}
WCHAR *DateString(SYSTEMTIME *pst)
{
    static WCHAR buf[32];
    GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, pst, NULL, buf, 32);
    return buf;
}

WCHAR *TimeString(SYSTEMTIME *pst)
{
    static WCHAR buf[32];
    GetTimeFormat(LOCALE_USER_DEFAULT,  0, pst, NULL, buf, 16);
    return buf;
}
 
Back
Top