How W32TM /NTPTE command works?How to display the current time with this?

StackOverflow https://stackoverflow.com/questions/14326210

Question

What I get so far is that w32tm /ntpte uses 2^32 slices starting from 1900/1/1 and ending at 2036/7/2 . And according to my calculations each period is approximately 1 second.The bad thing is that the periods are not consecutevly enumerated and everything is all about periods based on powers over 2. It uses NTP protocol (which documentation is not a not pleasant reading ) and I suppose to get an era and current timestamp and use 2^32 to calculate the desired date -but I have no idea how to get the current time stamp and what era to use . This guy here had some enlightenment , but I cant get the same results as in his examples.

Here's also a simple example:

c:\> w32tm /ntpte 256
0x014F37D494604000 - 109207 18:12:16.0000000 - 1.1.1900  20:12

I have no idea what are these hexes and the second number too , but will be interesting to know.Probably it will be not possible to calculate what I need with simple batch , so if there (in the whole universe) is someone who know how how this is implemented could use a script/ programming language for a illustrative example/explanation .

Was it helpful?

Solution

I did not manage to figure out what the hex number mean, but the second number is ANSI date, that is the number of days elapsed since 1st January 1601. The parameter is the number of seconds elapsed since 1900-01-01 00:00:00, but it has reverse byte order, the first byte is the least significant (1900-01-01 00:00:01 is encoded as 0x01000000). To have w32tm print out 15th January 2013 22:00 UTC, use this command:

w32tm /ntpte 0xe04fa0d4

or

w32tm /ntpte 3763314900

(conversion from hex to decimal is as if the byte order was normal).

EDIT: It seems that the hex value printed by w32tm is a 64-bit integer representing the number of 100-nanosecond intervals since 1st January 1601. From this article I know this is how Windows stores FILETIME.

EDIT2: After some more playing I found two another things:

  1. Parameter passed to w32tm /ntpte is really a 64-bit integer. As I wrote before, most significant 32-bits represent the number of seconds since 1900-01-01 00:00:00, while least significant 32-bits represent the fraction of second. The whole 64-bit number represents the number of 1/(2 to the power 32) second intervals since 1st January 1900. So 0x0000008000000000 is equal to 1/2 second after 1900-01-01 00:00:00.

  2. The hex value printed by w32tm /ntpte can be directly passed as a parameter to w32tm /ntte

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top