Re: Re: Re: Need Advice: Date difference revisted

The only way something like this would work is if there is a Windows file that is written to whenever the system is rebooted. Again, the systems are locked down, so I have few options for finding the system uptime on Windows. The only thing I've found so far that gives any indications is the 'net statistics' command. I know this is a pain in the a$$. When I can use Perl 5 I do. If I had the option, I'd be able to write this in no time. With Perl 4, however, I'm a bit stuck. I appreciate the responses guys. How difficult do you think it'd be to write my own date difference subroutines? I'd imagine it's quite involved since there's an entire module dedicated to this alone.

Comment on Re: Re: Re: Need Advice: Date difference revisted

Replies are listed 'Best First'.
Re: Re: Re: Re: Need Advice: Date difference revisted by BrowserUk (Patriarch) on Mar 10, 2004 at 07:04 UTC
You could try searching the file %SystemRoot%\system32\config\SysEvent.Evt for the last 6005 record. it contains. `Event Type: Information Event Source: EventLog Event Category: None Event ID: 6005 Date: 17/01/2004 Time: 09:36:52 User: N/A Computer: YOURSERVER Description: The Event log service was started.` [download] Under most normal circumstances, that would tell you exactly when the machine was last booted. Decoding the event logs without using the api's (which as far as I know) you can only reasonably get at with perl 5 .something is a PITA as they are variable length records, but using an hex editor, searching for x'75 17' will get you close to the record and then comparing that with the Eventvwr display for the same record, it shouldn't be too hard to work out the date/time format. It's probably one of documented MS time formats. A little unpacking of likely target would get you what you need. Examine what is said, not who speaks. "Efficiency is intelligent laziness." -David Dunham "Think for yourself!" - Abigail	[reply] [d/l]
Re^4: Need Advice: Date difference revisted (files) by tye (Sage) on Mar 10, 2004 at 05:33 UTC
Checking, it appears that C:/pagefile.sys is just such a file. "$ENV{WINDIR}/System32/config/SAM.LOG" also works if you don't make lots of SAM changes (like on a domain controller). - tye	[reply]
Re: Re^4: Need Advice: Date difference revisted (files) by emilford (Friar) on Mar 10, 2004 at 13:06 UTC
I will look into the pagefile.sys and see if that will work. I am, however, a bit concerned with using file modification dates as a source for determining a reboot date. It'd be just my luck to find out that the file is modified other than during reboot time and all my conversions are a bit skewed.	[reply]
Re: Re: Re: Re: Need Advice: Date difference revisted by ysth (Canon) on Mar 10, 2004 at 04:19 UTC
When I try "net statistics server" or "net statistics workstation" the only date I see is earlier this afternoon, and I last rebooted several days ago. This is Win XP Pro. Anyway, if all you need is to test if a date is more than 15 days ago, its not that complicated. Where is your perl4 from? Is it available as a binary distribution?	[reply]
Re: Re: Re: Re: Re: Need Advice: Date difference revisted by emilford (Friar) on Mar 10, 2004 at 13:03 UTC
'net statistics' may very well work differently on Win XP Pro. I ran it on NT 4.0 and Windows 2000 and each time the output provided a line that said "Statistics Since {some date} {some time}". This line was set to the current date and time when the box was rebooted. Either way WinXP is not a concern. That's a recent Windows OS. We don't do recent where I am at, as you can tell by the old Perl 4 install. ;-)	[reply]


P is for Practical
	PerlMonks