I'm trying to get byte array from file, interpret it like uint64_t and then cast this uint to FILETIME
After googling around and debugging a bit I've stuck at following wrong working code.
uint64_t win_filetime = *(uint64_t*)(&(((char*)buf)[(int)FILETIME_OFFSET]));
//at this moment win_filetime = 0x01cb3f90e7b52500
where buf contains needed bytes at FILETIME_OFFSET
Then trying to cast t1 = *(FILETIME *)(&win_filetime); or
t1.dwLowDateTime = (DWORD)win_filetime;
t1.dwHighDateTime = (DWORD)(win_filetime >> 32);
to pass it to the function
tm FILETIME_to_time_t(const FILETIME *lpFileTime) {
time_t result;
SYSTEMTIME st;
struct tm tmp;
FileTimeToSystemTime(lpFileTime,&st);
memset(&tmp,0,sizeof(struct tm));
tmp.tm_mday = st.wDay;
tmp.tm_mon = st.wMonth - 1;
tmp.tm_year = st.wYear - 1900;
tmp.tm_sec = st.wSecond;
tmp.tm_min = st.wMinute;
tmp.tm_hour = st.wHour;
return tmp;
}
Function FILETIME_to_time_t() returns rubbish(i.e. year = 110)
Sample value from file: 0025B5E7903FCB0100 that HexWorkshop correctly parsing as 11:23:10 19.08.2010
Maybe there is lack of endianness conversion or another thing that I'm unable to spot now?
It seems your code is OK, it's just that the year shows 110 because you subtract 1900 in your code when populating the struct tm. That's standard though--struct tm is supposed to contain the year minus 1900. You just need to be careful when printing the value.