I'm looking in HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion and there are two registry keys
InstallDate
InstallTime
The two have different dates, one in April '16 and one in July '16. Resources online show that InstallDate is usually how you derive the installation time for a Windows OS, so what does the InstallTime reflect differently?
(as per my answer on reddit)
Can confirm the existence of the key but not sure what yours is showing.
My installDate is in august, which I think is when I installed the anniversary update
My installTime translates to 1970 epoch and I haven't done anything more than update the winnt_cv regripper plugin to translate the date the same way as installDate
It turns out that InstallDate is a unix timestamp, while InstallTime is a Windows Date/time timestamp. If you use the correct decoding they come out to the same date.
Strange of Microsoft to use the two date formats but that makes a lot more sense now.
It turns out that InstallDate is a unix timestamp, while InstallTime is a Windows Date/time timestamp. If you use the correct decoding they come out to the same date.
Strange of Microsoft to use the two date formats but that makes a lot more sense now.
Yep
if you add
" if ($name eq "InstallTime"){
my @t = unpack("VV",$data);
$data = gmtime(getTime($t[0],$t[1]))." (UTC)";
}
"
to winnt_cv regripper plugin it comes out as the same date for me.
With the correct parsing are you still getting different dates?
It turns out that InstallDate is a unix timestamp, while InstallTime is a Windows Date/time timestamp. If you use the correct decoding they come out to the same date.
Strange of Microsoft to use the two date formats but that makes a lot more sense now.
Yep
if you add
" if ($name eq "InstallTime"){
my @t = unpack("VV",$data);
$data = gmtime(getTime($t[0],$t[1]))." (UTC)";
}
"to winnt_cv regripper plugin it comes out as the same date for me.
With the correct parsing are you still getting different dates?
The dates align with the correct parsing. ) Thanks a lot for your help.
I hate windows 10…
Maybe this was the easiest way to put together "parts" of the OS using different date formats from different (program) sources ?!
I've updated the winnt_cv regripper plugin and pushed it to my github.
I've created a pull request with the developer so hopefully it'll be absorbed into the official repo.
In the meantime you can get it
I'm looking in HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion and there are two registry keys
InstallDate
InstallTimeThe two have different dates, one in April '16 and one in July '16. Resources online show that InstallDate is usually how you derive the installation time for a Windows OS, so what does the InstallTime reflect differently?
On my Windows 10 system, I don't see two keys, I see two values. Big difference. If they were keys, the time stamps would be the key LastWrite times.
Yep Values, Key and Subkeys remain as per previous versions, just the addition of the new value; both should match just are in different date formats