Wireshark · Wireshark-dev: Re: [Wireshark-dev] FILETIME

Wireshark-dev: Re: [Wireshark-dev] FILETIME

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 07 Feb 2007 10:28:18 -0800

Gerhard Gappmeier wrote:

is there a simple way to handle windows FILETIME?

Use the routine dissect_nt_64bit_time(), declared in<epan/dissectors/packet-windows-common.h>

What is FT_ABSOLUTE_TIME and FT_RELATIVE_TIME for?

FT_ABSOLUTE_TIME is for time values that represent a date and time, suchas a FILETIME; FT_RELATIVE_TIME is for time values that represent anamount of time since some unspecified point (e.g., "5 minutes from now").

Declare an FT_ABSOLUTE_TIME field and pass its hf_ value as the lastargument to dissect_nt_64bit_time().

Follow-Ups:
- Re: [Wireshark-dev] FILETIME
  - From: Gerhard Gappmeier

References:
- [Wireshark-dev] FILETIME
  - From: Gerhard Gappmeier

Prev by Date: [Wireshark-dev] First MSVC2005EE build - very smooth - thank you
Next by Date: Re: [Wireshark-dev] Dissector works with .pcap file but does not work with .pkt file
Previous by thread: [Wireshark-dev] FILETIME
Next by thread: Re: [Wireshark-dev] FILETIME
Index(es):
- Date
- Thread