Author Topic: SYSTEM_TIME_OF_DAY_INFORMATION documented  (Read 3283 times)

guga

  • Moderator
  • Member
  • *****
  • Posts: 1196
  • Assembly is a state of art.
    • RosAsm
SYSTEM_TIME_OF_DAY_INFORMATION documented
« on: July 13, 2014, 09:43:46 PM »
SYSTEM_TIME_OF_DAY_INFORMATION documented by me

Code: [Select]
SYSTEM_TIME_OF_DAY_INFORMATION
structure
This structure contains information about the time your system was loaded

RosAsm Syntax:

There are 2 versions in RosAsm. One for Win2000 and below and other for newer versions. (WinXP and above)
The only differences is that on the winXP version there are 3 members added: Reserved, BootTimeBias, SleepTimeBias as described below

; for WinXP and above
[SYSTEM_TIME_OF_DAY_INFORMATION:
 SYSTEM_TIME_OF_DAY_INFORMATION.BootTime: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.CurrentTime: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.TimeZoneBias: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.CurrentTimeZoneId: D$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.Reserved: D$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.BootTimeBias: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.SleepTimeBias: Q$ 0]

; for Win2K and below
[SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K:
 SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K.BootTime: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K.CurrentTime: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K.TimeZoneBias: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K.CurrentTimeZoneId: D$ 0]

C Syntax:

typedef struct _SYSTEM_TIME_OF_DAY_INFORMATION { // Information Class 3
LARGE_INTEGER BootTime;
LARGE_INTEGER CurrentTime;
LARGE_INTEGER TimeZoneBias;
ULONG CurrentTimeZoneId;
; the following members are only available in WinXP and above
ULONG Reserved;
UINT64 BootTimeBias;
UINT64 SleepTimeBias;
} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;

Members
BootTime
The time when the system was booted in the standard time format (that is, the number of 100-nanosecond intervals since January 1, 1601).
CurrentTime
The current time of day in the standard time format.
TimeZoneBias
The difference, in 100-nanosecond units, between Coordinated Universal Time (UTC) and local time.
CurrentTimeZoneId
A numeric identifier for the current time zone.
Reserved
This member is reserved and should not be used. Default value is set to zero.
BootTimeBias
The difference, in 100-nanosecond units, between Coordinated Universal Time (UTC) and boot time.
SleepTimeBias
The difference, in 100-nanosecond units, between Coordinated Universal Time (UTC) and sleep time.

Remarks
None.

Example of usage:
For WinXP and above
Code: [Select]
[SYSTEM_TIME_OF_DAY_INFORMATION:
 SYSTEM_TIME_OF_DAY_INFORMATION.BootTime: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.CurrentTime: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.TimeZoneBias: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.CurrentTimeZoneId: D$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.Reserved: D$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.BootTimeBias: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION.SleepTimeBias: Q$ 0]
[Size_of_SYSTEM_TIME_OF_DAY_INFORMATION 48]

call 'ntdll.NtQuerySystemInformation' &SYS_NFO_SYSTEM_TIMEOFDAY_INFORMATION, SYSTEM_TIME_OF_DAY_INFORMATION, Size_of_SYSTEM_TIME_OF_DAY_INFORMATION, 0

For Win2000 and below
Code: [Select]
[SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K:
 SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K.BootTime: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K.CurrentTime: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K.TimeZoneBias: Q$ 0
 SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K.CurrentTimeZoneId: D$ 0]

[Size_of_SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K 28]

call 'ntdll.NtQuerySystemInformation' &SYS_NFO_SYSTEM_TIMEOFDAY_INFORMATION, SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K, Size_of_SYSTEM_TIME_OF_DAY_INFORMATION_OLD_WIN2K, 0
Coding in Assembly requires a mix of:
80% of brain, passion, intuition, creativity
10% of programming skills
10% of alcoholic levels in your blood.

My Code Sites:
http://rosasm.freeforums.org
http://winasm.tripod.com