Share via

Event timestamp in UTC

Shane 46 Reputation points
2022-04-22T18:36:27.127+00:00

Looking at the documentation for the EVENT_HEADER structure, the TimeStamp member's documentation is as follows:

Contains the time that the event occurred. The resolution is system time unless the ProcessTraceMode member of EVENT_TRACE_LOGFILE contains the PROCESS_TRACE_MODE_RAW_TIMESTAMP flag, in which case the resolution depends on the value of the Wnode.ClientContext member of EVENT_TRACE_PROPERTIES at the time the controller created the session.

My ProcessTraceMode is set to PROCESS_TRACE_MODE_EVENT_RECORD, so I expect the resolution of the TimeStamp to be system time.

My question is, is the TimeStamp guaranteed to be a UTC timestamp?

If it is not guaranteed to be a UTC timestamp, how can I convert it to a UTC timestamp?

Windows development Windows API - Win32
Developer technologies C++
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jeanine Zhang-MSFT 11,356 Reputation points Microsoft External Staff
    2022-04-25T02:10:23.937+00:00

    Hi,

    Welcome to Microsoft Q&A!

    According to the Doc: TimeStamp

    TimeStamp data type is the same as that of the FILETIME structure.

    To convert a FILETIME structure into a time that is easy to display to a user, use the FileTimeToSystemTime function.

    You could try to use FileTimeToSystemTime function to convert a file time to system time format. System time is based on Coordinated Universal Time (UTC).

    Best Regards,

    Jeanine

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.