How do I decode the "Faulting application start time" in a Windows event log entry?


Solution 1

In PowerShell, issue the following command, replacing the hex sequence:

    [datetime]::FromFileTime(0x01ccfe1e3e206d42)

9 March 2012, 19:58:33

The answer is in local time, to match times in Event Viewer (here in Finland we're 2 hours east of UTC in March). To show it in UTC, add UTC to the method name:

    [datetime]::FromFileTimeUTC(0x01ccfe1e3e206d42)

9 March 2012, 17:58:33
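An added example, not part of the original answers: it pulls the "Faulting application start time" field out of an event's message text, decodes it as a FILETIME with the same `FromFileTimeUtc` call, and subtracts it from the time the event was logged to get how long the application ran. The function name `Get-FaultingAppStartTime`, the sample message and the logged time are constructed for illustration.

```powershell
# Constructed sample input: message text of a crash entry, and the time the
# event was logged as shown on the Details tab (UTC, ISO 8601).
$message = @'
Faulting application name: example.exe
Faulting application start time: 0x01ccfe1e3e206d42
'@
$loggedUtc = [datetimeoffset]::Parse('2012-03-09T18:41:07.000Z',
    [cultureinfo]::InvariantCulture).UtcDateTime

# Hypothetical helper: returns the application start time as a UTC [datetime].
function Get-FaultingAppStartTime {
    param([Parameter(Mandatory)][string]$Message)

    $pattern = 'Faulting application start time:\s*0x([0-9a-fA-F]{1,16})'
    if ($Message -notmatch $pattern) {
        throw 'No "Faulting application start time" field in the message.'
    }

    # FILETIME: count of 100 ns intervals since 1601-01-01 00:00:00 UTC.
    $fileTime = [Convert]::ToInt64($Matches[1], 16)
    if ($fileTime -lt 0) {
        throw "Value 0x$($Matches[1]) is outside the valid FILETIME range."
    }
    [datetime]::FromFileTimeUtc($fileTime)
}

$startUtc = Get-FaultingAppStartTime -Message $message
$runTime  = $loggedUtc - $startUtc      # [timespan]

# Report in UTC and in local time (local time matches Event Viewer's list view).
[pscustomobject]@{
    StartUtc   = $startUtc.ToString('u')
    StartLocal = $startUtc.ToLocalTime().ToString('yyyy-MM-dd HH:mm:ss')
    LoggedUtc  = $loggedUtc.ToString('u')
    RunTime    = $runTime.ToString('d\.hh\:mm\:ss')
}
```

Keeping both timestamps in UTC until the final formatting step avoids mixing the local-time and UTC values that Event Viewer shows in different places.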

Solution 2

  1. In PowerShell you could issue the following command:

    get-date 0x01ccfe1e3e206d42

    Replace 0x01ccfe1e3e206d42 with the value you found in your event log.

  2. Alternatively, you could switch to the Details tab of the event properties, where you will find the CreationTime in a human-readable format, e.g. 2012-01-12T13:33:38.171Z

Author: raven

Updated on September 18, 2022

Comments

  • raven almost 2 years

    An app I was running crashed and I wanted to know when it happened, so I opened up the Windows event viewer and looked for an entry. I found the entry, and then noticed one of the details of the entry is this:

    Faulting application start time: 0x01ccfe1e3e206d42
    

    Cool, I thought, because I also wanted to know how long the app was executing. How do I decipher that string of hex and convert it into a date and time?

  • zhaorufei almost 12 years
    Method 1 is incorrect; the time span is 1601 years. In method 2, the "CreationTime" is the time when the event was logged, but in UTC; it's not the application start time. The time when the event was logged is shown in the "Date and Time" column, measured in local time.