Hmm. Now, about 8 hours later (no reboot), it shows:
System booted: 2006-03-06 10:50:29.127
That’s a variation of 1.3 seconds in 8 hours. Expected behavior?
Ken
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ken Cross
Sent: Thursday, March 09, 2006 1:54 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] System Boot Time
Pete:
Hmm … you could be right. This is typical of what I get from the driver
(with a few seconds between each one):
System booted: 2006-03-06 10:50:28.858
System booted: 2006-03-06 10:50:28.857
System booted: 2006-03-06 10:50:28.855
System booted: 2006-03-06 10:50:28.848
System booted: 2006-03-06 10:50:28.840
System booted: 2006-03-06 10:50:28.839
System booted: 2006-03-06 10:50:28.847
System booted: 2006-03-06 10:50:28.852
After observing the first few, I thought it was simply moving back in time.
But then it recovers!
I hadn’t anticipated a variation of that much (+/- 10 ms, or 20 ms range),
but that seems to be the case.
Good catch. Sorry for the false alarm.
Ken
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Scott
Sent: Thursday, March 09, 2006 1:00 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] System Boot Time
Ken,
Right, but correct me if I am wrong in what you are trying to accomplish
here.
To get the time of system boot:
-
KeQuerySystemTime() to get current time of system -> CurrTime
-
KeQueryTickCount() to get number of counts since boot time -> CountTime
-
Translated( Count Time) - CurrTime = Time of boot.
If the CurrTime varies by ± 10mS then the time of boot will also vary by ±
10mS; depending on when you grabbed the current time and at what IRQL you
are running the calculations at. I could even imagine larger differences if
you are running this calculation at PASSIVE level and you are getting a time
slice every, say 10 or more mS.
I am probably missing something with your issue …
Pete
Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ken Cross
Sent: Thursday, March 09, 2006 10:40 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] System Boot Time
Pete:
Same results with either counter.
Surely, the boot time is available somewhere in the kernel? One wonders
where…
Ken
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Scott
Sent: Thursday, March 09, 2006 12:12 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] System Boot Time
Ken,
Also, remember that even though KeQuerySystemTime() returns the number of
100 nS units since 1/1/1601 it is updated every 10 mS, or so. Thus I could
see that if you were to try and figure out when the system was booted based
on this value and one retrieved through KeQueryTickCount(), which is much
more accurate, you could get varying times of when the system booted.
Pete
Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ken Cross
Sent: Thursday, March 09, 2006 9:27 AM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] System Boot Time
Yes, as I said, I’ve tried KeQueryTickCount (with KeQueryTimeIncrement of
course) but it slowly goes backwards in time. Annoying…
Ken
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jay
Sent: Thursday, March 09, 2006 9:18 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] System Boot Time
Isn’t KeQueryTickCount the same as GetTickCount but 64 bits and therefore
not wrapping “ever”? Chk builds start these off at 49 day for coverage of
wrapping right?
Oh I see. GetTickCount runs slower.
You need to multiply by KeQueryTimeIncrement.
I assume you got that?
Still no good?
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/Kernel_r/hh
/Kernel_r/k105_a6a22896-6f3e-4e58-b443-4a06ff67b0ce.xml.asp
GetTickCount64 in Vista:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/bas
e/gettickcount64.asp
Subject: Re: System Boot Time
Ken Cross wrote:
> NTFSD Folk:
>
> GetTickCount (user mode) gives milliseconds since system start, but is
only
> good for 49.7 days.
>
> KeQueryInterruptTime or KeQueryTickCount (kernel mode) gives time since
> system start, but they don’t seem to be very accurate – when combined
with
> KeQuerySystemTime, the boot time continues to go back in time!
>
> Ken
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com
