REGDIR's timestamps

May 20, 2008
Syracuse, NY, USA
Two more things about REGDIR's timestamps ...

1. Any time in 00:00 - 09:59 appears with only one '0' in the hour. That's not my chosen format and I don't see it anywhere else. For example,
Code:
v:\> regdir /t HKCU | grep " 8:55" | head /n 1
2012-06-07  8:55                  Trust Database
2. Assuming I was correct (in another thread) in pointing out that all subkeys show the timestamp of their parent key, then timestamps during standard time differ by one hour from the ones I get with my KEYTIMES or @KEYTIME plugins. For example,
Code:
v:\> echo %@keytime[HKCU\AppEvents]
2013-01-25,12:51:33

v:\> regdir /s1 /t HKCU\AppEvents | grep EventLabels
2013-01-25 13:51    EventLabels
I use the following on the FILETIME from RegQueryKeyInfo.
Code:
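#include <windows.h>

/* Convert a UTC FILETIME (e.g. a key's last-write time) to local time,
   taking into account whether DST was in effect at that time, not now. */
BOOL FileTimeToLocalSystemTime(LPFILETIME pft, LPSYSTEMTIME pstLocal)
{
    SYSTEMTIME st;
    if ( FileTimeToSystemTime(pft, &st) && SystemTimeToTzSpecificLocalTime(NULL, &st, pstLocal) )
        return TRUE;
    return FALSE;
}

/* Both formatters return a pointer to a static buffer: not thread-safe,
   and each call overwrites the previous result. */
WCHAR *DateString(SYSTEMTIME *pst)
{
    static WCHAR buf[32];
    if ( !GetDateFormat(LOCALE_USER_DEFAULT, DATE_SHORTDATE, pst, NULL, buf, 32) )
        buf[0] = L'\0';   /* empty string rather than stale text on failure */
    return buf;
}

WCHAR *TimeString(SYSTEMTIME *pst)
{
    static WCHAR buf[32];
    /* size now matches the buffer (was 16) */
    if ( !GetTimeFormat(LOCALE_USER_DEFAULT, 0, pst, NULL, buf, 32) )
        buf[0] = L'\0';
    return buf;
}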
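
An added example, not part of the original post and not REGDIR's code: it shows how the same UTC FILETIME yields local times one hour apart depending on whether the conversion uses the offset in effect at the timestamp or the offset in effect now. The US Eastern zone, the sample FILETIME, the "now" value and all function names are assumptions made for illustration; whether REGDIR converts this way is not stated in the post.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def utc_to_filetime(utc):
    """UTC datetime -> FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    d = utc - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def filetime_to_utc(ft):
    """FILETIME -> aware UTC datetime (sub-microsecond ticks are dropped)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def nth_sunday(year, month, n):
    """Midnight UTC on the n-th Sunday of the given month."""
    first = datetime(year, month, 1, tzinfo=timezone.utc)
    return first + timedelta(days=(6 - first.weekday()) % 7 + 7 * (n - 1))

def eastern_offset(utc):
    """UTC offset for US Eastern under the rules in force since 2007 (assumed zone)."""
    dst_start = nth_sunday(utc.year, 3, 2) + timedelta(hours=7)   # 02:00 EST
    dst_end = nth_sunday(utc.year, 11, 1) + timedelta(hours=6)    # 02:00 EDT
    return timedelta(hours=-4 if dst_start <= utc < dst_end else -5)

def local_for_timestamp(ft):
    """Use the offset that applied at the timestamp itself, as the
    FileTimeToSystemTime + SystemTimeToTzSpecificLocalTime pair does."""
    utc = filetime_to_utc(ft)
    return (utc + eastern_offset(utc)).replace(tzinfo=None)

def local_with_current_offset(ft, now_utc):
    """Apply whatever offset is in effect at now_utc to every timestamp,
    which is how FileTimeToLocalFileTime is documented to behave."""
    return (filetime_to_utc(ft) + eastern_offset(now_utc)).replace(tzinfo=None)

# Constructed sample: 17:51:33 UTC is the 12:51:33 EST shown by @KEYTIME above.
SAMPLE_FT = utc_to_filetime(datetime(2013, 1, 25, 17, 51, 33, tzinfo=timezone.utc))
# Constructed "now" that falls in daylight time.
SUMMER_NOW = datetime(2013, 6, 7, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("FILETIME          ", SAMPLE_FT)
    print("UTC               ", filetime_to_utc(SAMPLE_FT).isoformat())
    print("timestamp's offset", local_for_timestamp(SAMPLE_FT))
    print("current offset    ", local_with_current_offset(SAMPLE_FT, SUMMER_NOW))
```

When key last-write times feed a timeline, recording them in UTC avoids depending on which of the two conversions a tool applied.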