libmem Consider using registry keys to get Windows boot time (getting rid of NtQuerySystemInformation, which is unstable)

Consider using registry keys to get Windows boot time (getting rid of NtQuerySystemInformation, which is unstable)

Open rdbo opened this issue 2 years ago • 3 comments

Check modified time of: HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters\BootId may be a better indicator than using the NT API

Feb 07 '23 19:02 rdbo

https://learn.microsoft.com/en-us/windows/win32/api/winreg/nf-winreg-regqueryinfokeya

LastWriteTime is useful here

Feb 07 '23 20:02 rdbo

Another way would be to create a static variable in process.c that stores the Windows boot time from the GetTickCount/GetTickCount64 functions.

Feb 11 '23 19:02 rdbo

Another possibility: use Unix timestamps across all platforms instead of boot-relative time

Jan 03 '24 20:01 rdbo

libmem libmem copied to clipboard

Consider using registry keys to get Windows boot time (getting rid of NtQuerySystemInformation, which is unstable)

libmem
libmem copied to clipboard