ullTimeStamp = pRenderedValues[EvtSystemTimeCreated].FileTimeVal;
ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);
FileTimeToSystemTime(&ft, &st);
ullNanoseconds = (ullTimeStamp % 10000000) * 100;
wprintf(L"TimeCreated SystemTime: %02d/%02d/%02d %02d:%02d:%02d.%I64u)\n",
st.wMonth, st.wDay, st.wYear, st.wHour, st.wMinute, st.wSecond, ullNanoseconds);
wprintf(L"EventRecordID: %I64u\n", pRenderedValues[EvtSystemEventRecordId].UInt64Val);
这是API中提到的用于时间转换的代码...
链接:https://learn.microsoft.com/en-us/windows/win32/wes/rendering-events
将 fileTime 转换为 sysTime 时我做错了什么
将系统时间转换为本地区域的系统时间可以解决该问题。
ullTimeStamp = pRenderedValues[EvtSystemTimeCreated].FileTimeVal;
ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);
TIME_ZONE_INFORMATION lpTimeZone;
FileTimeToSystemTime(&ft, &st);
GetTimeZoneInformation(&lpTimeZone);
SystemTimeToTzSpecificLocalTime(&lpTimeZone, &st, &stLocal);