windows - Who changes the time? -


i aware of wm_timechange message in win32 api, possible find out application or process changing time?

i have application (windows xp) i'm logging events , time logged events changing unexpectedly.

i have checked: daylight savings adjustment turned off, , automatic syncing internet time server turned off.

is there process in windows os (except dst changes , ntp) set system time?

time changes saved windows event log, specifically, they're saved security log. now, isn't guaranteed work; admins can clear security log, it's way find pid , file name of process called setsystemtime.

this answer talks finding event in system log; however, should able find in security log looking event id 4616. i've added sample record here (with various bits redacted):

<event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <system>   <provider name="microsoft-windows-security-auditing" guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />    <eventid>4616</eventid>    <version>1</version>    <level>0</level>    <task>12288</task>    <opcode>0</opcode>    <keywords>0x8020000000000000</keywords>    <timecreated systemtime="2013-10-07t18:55:08.999738200z" />    <eventrecordid>29419283</eventrecordid>    <correlation />    <execution processid="4" threadid="5460" />    <channel>security</channel>    <computer>some computer id</computer>    <security />  </system> <eventdata>   <data name="subjectusersid">s-sid_redacted</data>    <data name="subjectusername">username</data>    <data name="subjectdomainname">domain</data>    <data name="subjectlogonid">0xbaddfood</data>    <data name="previoustime">2013-10-07t18:55:08.996254000z</data>    <data name="newtime">2013-10-07t18:55:09.000000000z</data>    <data name="processid">0xpid</data>    <data name="processname">c:\windows\system32\dllhost.exe</data>  </eventdata> </event>

note process name stored explicitly.


Comments

Post a Comment

Popular posts from this blog

c++ - CryptStringToBinary API behavior -

i seeing strange behavior cryptstringtobinary cryptography api. please see below code (config: x64 debug): #include "stdafx.h" #include <windows.h> #include <strsafe.h> #include <iostream> #include <exception> void main() { dword dwskip; dword dwflags; dword dwdatalen; //lpcwstr pszinput = l"jaaaaaecaaadzgaaakqaagdnnl1l56bwgfjdgr3rpxtqqqn6daw3usv2emkjym4t"; //this works fine lpcwstr pszinput = l"mytest"; //doesnt work, api returns false,error code 0x0000000d // determine size of byte array , allocate memory. if(! cryptstringtobinary( pszinput, _tcslen( pszinput ) + 1, crypt_string_base64, null, &dwdatalen, &dwskip, &dwflags ) ) { dword dw = getlasterror(); //0x0000000d: data invalid throw std::exception( "error computing byte length." ); } byte *pbytebyte = null; try { ...
Read more

java.util.scanner - How to read and add only numbers to array from a text file -

i'm learning java , have question regarding reading file want read numbers file contains strings well. here example of file: 66.56 "3 java 3-43 5-42 2.1 1 and here coding: public class test { public static void main (string [] args){ if (0 < args.length) { file x = new file(args[0]); try{ scanner in = new scanner( new fileinputstream(x)); arraylist<double> test = new arraylist<>(); while(in.hasnext()){ if(in.hasnextdouble()){ double f=in.nextdouble(); test.add(f);} else {in.next();} } catch(ioexception e) { system.err.println("exception during reading: " + e); } } my problem add 66.56,2.1 , 1 doesn't add 3 after "3 or ignores 3-43 , 5-42 can tell me how skip strings , add doubles here? thanks all said 3 ie; "3, 3-43 , 4-42 strings either u read string , split , check number @ " , - or put in space between characters , integers. jvm after compilation tre...
Read more

iphone - Three second countdown in cocos2d -

i trying have 3 second countdown display when level beat in game. did: -(void) gamesegmentbeat { [self pauseschedulerandactions]; // overlay game opaque background ccsprite *opaquebg = [ccsprite spritewithfile:@"background1.png"]; opaquebg.position = screencenter; [self addchild:opaquebg z:10000]; // these 3 labels 3 seconds cclabelttf *three = [cclabelttf labelwithstring:@"3" fontname:@"helvetica" fontsize:100]; three.position = ccp(screencenter.x, screencenter.y); cclabelttf *two = [cclabelttf labelwithstring:@"2" fontname:@"helvetica" fontsize:100]; two.position = ccp(screencenter.x, screencenter.y); cclabelttf *one = [cclabelttf labelwithstring:@"1" fontname:@"helvetica" fontsize:100]; one.position = ccp(screencenter.x, screencenter.y); // secondspast specified in update method secondspast = 0; if (secondspast == 1) { [self addchild:thr...
Read more