You could try searching the file %SystemRoot%\system32\config\SysEvent.Evt for the last 6005 record. it contains. 

Event Type:    Information
Event Source:    EventLog
Event Category:    None
Event ID:    6005
Date:        17/01/2004
Time:        09:36:52
User:        N/A
Computer:    YOURSERVER
Description:
The Event log service was started.

[download]

Under most normal circumstances, that would tell you exactly when the machine was last booted.

Decoding the event logs without using the api's (which as far as I know) you can only reasonably get at with perl 5 .something is a PITA as they are variable length records, but using an hex editor, searching for x'75 17' will get you close to the record and then comparing that with the Eventvwr display for the same record, it shouldn't be too hard to work out the date/time format. It's probably one of documented MS time formats. A little unpacking of likely target would get you what you need.

Examine what is said, not who speaks.
"Efficiency is intelligent laziness." -David Dunham
"Think for yourself!" - Abigail

In reply to Re: Re: Re: Re: Need Advice: Date difference revisted by BrowserUk
in thread Need Advice: Date difference revisted by emilford

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.