C++/VB - win32_NTLogEventTimeGenerated is in GMT and not local in Vista/w2

Asked By tango

11-Nov-09 07:15 AM

(I posted this question to the microsoft.public.win32.programmer.wmi  but
it is not available anymore.  I do not know if this is the correct forum to
post this question...)

We are using the win32_NTLogEvent class to retrieve events and store them to
a database. We have noticed that in windows 2008 32bit and vista 32bit the
win32_NTLogEvent.TimeGenerated is returned in GMT with an offset value of
000. In earlier versions of windows, win32_NTLogEvent.TimeGenerated is
returned in localtime with an offset relative to GMT.
For Example these two are exactly the same date:
WinXP         TimeGenerated 10:00  GMT 120 (20091016100000.000000+120)
Vista/2008   TimeGenerated 08:00 GMT 000 (20091016080000.000000+000)

This, of course, creates inconsistency in data depending on the source OS.
We would like to know if this change is intentionate and if means of easily
recovering the local time instead have been provided.

Thank you very much,
Tango.

Win32 Networks Discussions

Windows XP
(1)

FileTimeToLocalFileTime
(1)

Vista
(1)

SystemTimeToFileTime
(1)

NTLogEvent
(1)

Database
(1)

TeamB
(1)

Intentionate
(1)

Remy Lebeau replied to tango

11-Nov-09 01:16 PM

Why not just have your code convert GMT values to local time whenever =
the offset is 0?  Look at SystemTimeToFileTime(), =
FileTimeToLocalFileTime(), and other related functions.

--=20
Remy Lebeau (TeamB)

tango replied to Remy Lebeau

23-Nov-09 05:37 AM

offset is 0?  Look at SystemTimeToFileTime(), FileTimeToLocalFileTime(), and
other related functions.

The problem is that we are retrieving remote data using WMI, we need to get
the local time for the eventlog message in the REMOTE computer, and I think
using the API we will bet the date in the local computer where we are
executing the WMI query.

For Example in a remote WinXP when we retrieve the EventLog message with
TimeGenerated 10:00 GMT 120 (20091016100000.000000+120)  we know there was
10:00 in the remote computer clock but when retrieving the same EventLog
message from a remote Vista/2008, the TimeGenerated will be 08:00 GMT 000
(20091016080000.000000+000) so we cannot get the "real remote time" where the
message was generated.

tango replied to tango

15-Jan-10 01:32 AM

I have not received any MSDN reply. I thought it was because a problem in the
nospam alias not being assigned but I am sure now it is assigned.

Impossible to get the sysuptime on windows 2000 C++ / VB

Impossible to get the sysuptime on windows 2000 C++ / VB Hello, My application is developped on visual c++ 6, uses the SnmpExtensionQuery value. But this function always returns the same bad value 4294967295 when it works on windows 2000, pack service 4. The same application works very well on windows XP. I've tried to use the SnmpSvcGetUpTime function of Snmpapi.dll library, the problem remains the same. The application works on windows XP and does not work on windows 2000. How can I do to get the correct value of sysuptime in using inetmib1.dll library on windows 2000? thanks VC Language Discussions Windows Server (1) FileTimeToLocalFileTime (1) Vista (1) FileTimeToSystemTime (1) SnmpSvcGetUpTime

UTC offset for MY when program runs in another time zone C++ / VB

time zone B? This must include adjustment for daylight / standard time. VB WinAPI Discussions Office XP (1) SystemTimeToTzSpecificLocalTime (1) Windows Server (1) Windows Vista (1) LocalFileTimeToFileTime (1) FileTimeToLocalFileTime (1) Office 2003 (1) Outlook (1) UTC is the same in NY as it is is, API support is only available on Vista and 2008, but the keys exist on XP?! Btw, it turns out the only element of the TZI that needs to be filled horror just re-occurred to me. Are the TZ names found here: HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Time Zones localized? I would certainly suspect so. And if so, there's looking for any specific name, is there? If anyone running a non-English version of Windows would care to look, I'd be very appreciative! - - .NET: It's About Trust! http: / / vfred.mvps.org Karl E. Peterson <karl@mvps.org> schrieb im Beitrag . . . Tashkent] On Windows 98 SE (HKLM \ . . . \ Windows \ CurrentVersion \ TimeZones) the entries look like this: \ TimeZones \ Afghanistan \ Display (GMT

file date / time C++ / VB

file date / time C++ / VB Hi Could someone please explain me how Windows handles the date and time of a file? What I mean is: Every file has 3 entries: -Creation time (Windows Explorer shows: Created: under File-> Properties) -Last Access time (showed as Accessed:) -Last Write time using GetFileTime() API. If I copy a file from folder A to folder B using Windows Explorer then I get the following: Source File: Created: Monday, July 9, 2007 Modified: Monday I am not sure what time value I must use. Regards Peter VB WinAPI Discussions FileTimeToLocalFileTime (1) Word (1) FileTimeToSystemTime (1) XP (1) FindFirstFileA (1) FindNextFileA (1) FtLastAccessTime (1) FtLastWriteTime (1) No, the "Creation" date is when you want a date for display the preferred option is to use the same as Windows Explorer does: the Modified Date. What's really weird is that as far as I kernel32" _ (ByRef lpFileTime As FILETIME, ByRef lpSystemTime As SYSTEMTIME) As Long Private Declare Function FileTimeToLocalFileTime Lib "kernel32" _ (ByRef lpFileTime As FILETIME, ByRef lpLocalFileTime As FILETIME) As Long Sub Main x = InStr(1, sName, vbNullChar) If x > 0 Then sName = Left$(sName, x - 1) x = FileTimeToLocalFileTime(fdata.ftLastAccessTime, uFT) x = FileTimeToSystemTime(uFT, uST) With uST Debug.Print sName, DateSerial(.wYear, .wMonth

Windows XP MFC program on Windows 7 issue C++ / VB

Windows XP MFC program on Windows 7 issue C++ / VB I have a Windows XP application written in MFC. Can it runs on Windows 7 (32-bit)? Can Windows XP device driver work on Windows 7 (32-bits)? My application uses some drivers which works