pack, Win32 registry & binary data

Discussion in 'Perl Misc' started by woof, Dec 1, 2003.

  1. woof

    woof Guest

    I need an example on how to collect and process REG_BINARY data
    in a Win32 registry. The registry value in question reads:

    TimeOfLastScan REG_BINARY 21 0a 1e 0d 00 1e 00 00

    It appears to be 8 bytes... an unsigned long ("L")?

    Reading strings seems easy enough as in
    my $parent = $rkeyNorton->{"CurrentVersion//Parent"};

    I did try and read this binary value with (cvKey set to CurrentVersion);

    (my $gvtimeOfLastScan, my $type) = $cvKey->GetValue("TimeOfLastScan");

    But have been unable to feed localtime() anything that gets
    me my date string. I know I'm not packing this correctly.

    Thanks.
     
    woof, Dec 1, 2003
    #1

  2. Jay Tilton

    Jay Tilton Guest

    (woof) wrote:

    : I need an example on how to collect and process REG_BINARY data
    : in a Win32 registry. The registry value in question reads:
    :
    : TimeOfLastScan REG_BINARY 21 0a 1e 0d 00 1e 00 00

    [snip]

    : But have been unable to feed localtime() anything that gets
    : me my date string. I know I'm not packing this correctly.

    There's no guarantee that a sensible date can be backed out from the binary
    value. The function that creates the binary value is not yet known to be
    symmetric. If we assume that the function is symmetric, we should state
    that assumption.

    The problem is one of determining what function creates the binary value
    from a date. We have one binary value, but we have no idea what date it
    represents. If we knew that date, we might have a starting point on
    figuring out the function. Even better would be a bunch of binary values
    and the date each represents.

    It's a complete WAG, but each octet of the binary value might stand for a
    different numeric portion of the date/time.

    year     0x21 => 33  (Assuming a 1970 epoch, 1970 + 33 = 2003)
    month    0x0a => 10  (October? November?)
    day      0x1e => 30  (30th? 31st?)
    hour     0x0d => 13  (1 pm)
    minutes  0x00 => 0   (:00)
    seconds  0x1e => 30  (:30)
    ?        0x00 => 0
    ?        0x00 => 0
     
    Jay Tilton, Dec 1, 2003
    #2

  3. Ben Liddicott

    Hi Woof,

    Win32 has a number of date/time formats, more than one of which is 64 bits long.

    OLE's DATE type is a 64 bit floating-point number, containing the number of days since the DATE epoch, which is Midnight on the morning of Dec 30, 1899. The fractional part is therefore the time of day.

    Win32's FILETIME is a 64 bit integer, specifying the number of 100 nanosecond intervals since January 1, 1601.

    MS CRT's _time_64_t is a 64 bit integer, but the value given here puts it in the future, as it is in seconds since the C epoch.

    QueryPerformanceCounter returns a 64-bit integer... but the frequency and base change from machine to machine, and boot to boot.

    My guess is that you have something else altogether though, as that number doesn't seem to unpack to a recent time using any of the above.

    None of these will go into Perl's localtime function, but any can be made into a date string without too much trouble. If you have a FILETIME you can use Win32API::Time to unpack it.

    Cheers,
    Ben Liddicott


    "woof" <> wrote in message news:...
    > I need an example on how to collect and process REG_BINARY data
    > in a Win32 registry. The registry value in question reads:
    >
    > TimeOfLastScan REG_BINARY 21 0a 1e 0d 00 1e 00 00
    >
    > It appears to be 8 bytes... an unsigned long ("L")?
    >
    > Reading strings seems easy enough as in
    > my $parent = $rkeyNorton->{"CurrentVersion//Parent"};
    >
    > I did try and read this binary value with (cvKey set to CurrentVersion);
    >
    > (my $gvtimeOfLastScan, my $type) = $cvKey->GetValue("TimeOfLastScan");
    >
    > But have been unable to feed localtime() anything that gets
    > me my date string. I know I'm not packing this correctly.
     
    Ben Liddicott, Dec 2, 2003
    #3
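
The readings raised in the replies above can be tried side by side. This Perl script is an added example, not code from any poster or from the modules they mention: it unpacks the eight bytes quoted in the thread as a FILETIME, an OLE DATE, a 64-bit seconds count and the per-octet guess. The helper names `utc` and `candidates` are made up for the illustration, and the offsets 11644473600 seconds and 25569 days are the standard distances from those epochs to 1970-01-01.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(floor);

# The eight bytes quoted in the thread for TimeOfLastScan (REG_BINARY),
# built here as the raw byte string a registry read would hand back.
my $raw = pack 'C*', 0x21, 0x0a, 0x1e, 0x0d, 0x00, 0x1e, 0x00, 0x00;

# Render seconds since 1970-01-01 as UTC (hypothetical helper).
sub utc {
    my ($secs) = @_;
    # NaN, infinity or a value beyond what gmtime() can represent.
    return 'out of range' if $secs != $secs || abs($secs) > 6e16;
    my @t = gmtime(floor($secs));
    return 'out of range' unless @t;
    return sprintf '%d-%02d-%02d %02d:%02d:%02d UTC',
        $t[5] + 1900, $t[4] + 1, @t[3, 2, 1, 0];
}

# Decode the same 8 bytes under each reading raised in the thread
# (hypothetical helper; returns [label, rendering] pairs).
sub candidates {
    my ($bytes) = @_;
    die "expected 8 bytes\n" unless length($bytes) == 8;

    # Little-endian 64-bit integer from two 32-bit halves, so no 64-bit
    # perl is needed (exact for values below 2**53).
    my ($lo, $hi) = unpack 'V2', $bytes;
    my $u64  = $hi * 2**32 + $lo;
    my $days = unpack 'd<', $bytes;    # little-endian double, perl 5.10+
    my @f    = unpack 'C8', $bytes;    # one field per octet

    return (
        [ 'FILETIME (100 ns since 1601-01-01)', utc($u64 / 1e7 - 11_644_473_600) ],
        # Linear conversion, meaningful for dates on or after the OLE epoch.
        [ 'OLE DATE (days since 1899-12-30)',   utc(($days - 25_569) * 86_400) ],
        [ '64-bit time_t (s since 1970-01-01)', utc($u64) ],
        [ 'per-octet, year = 1970 + byte 0',
          sprintf('year %d, month %d, day %d, %02d:%02d:%02d, trailing %d %d',
                  1970 + $f[0], @f[1 .. 7]) ],
    );
}

printf "%-38s %s\n", @$_ for candidates($raw);
```

Running the same function over several values whose real scan times are known is what separates a plausible reading from a coincidence, as the second post points out.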