Windows 注册表 16进制时间转换( Convert Reg_binary Time to a Datetime )

时间:2023-03-08 17:32:50
Windows 注册表 16进制时间转换( Convert Reg_binary Time to a Datetime )

背景:

  Windows注册表中,存在大量16进制的时间,以 reg_binary存储在注册表中。

  例如: 0D 6C A4 4B 37 C5 CE 01

  这种值日常报表中需要转换为适合人阅读的格式,实例如下:

function Convert-BinaryDateTime

{

    [CmdletBinding()]

    [Alias()]

    [OutputType([DateTime])]

    Param

    (

        # 16进制 bytes数组

        [Parameter(Mandatory=$true,

                   Position=0)]

        $bytes

    )

    [long]$filedate = (((((((

            [long]$bytes[7] * 256 +

            [long]$bytes[6]) * 256 +

            [long]$bytes[5]) * 256 +

            [long]$bytes[4]) * 256 +

            [long]$bytes[3]) * 256 +

            [long]$bytes[2]) * 256 +

            [long]$bytes[1]) * 256 +

            [long]$bytes[0])

     [DateTime]$returnDate = [datetime]::FromFileTime($filedate)

     #DateTime.FromFileTime($filedate)

     return $returnDate

}

Convert-BinaryDateTime -bytes ((Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates').SignaturesLastUpdated)

2018年12月7日 10:33:12

参考巨硬:

https://social.technet.microsoft.com/wiki/contents/articles/20179.simple-class-to-convert-reg-binary-time-to-a-datetime-object-in-c.aspx