Process data in the xml file Procmon saved has "CreateTime". For a process starting from 2023/4/17 14:36:01, its CreateTime in the xml file is 133261869619355124. Regardless of whether this CreateTime is regarded as a nanosecond, millisecond or microsecond timestamp, it cannot correspond to its actual creation time.What is CreateTime?
Asked
Active
Viewed 19 times
0
-
If you spend any time working with windows times, you'll come to learn about ticks - the number of 100ns intervals since 01/01/0001. This looks like that. – Damien_The_Unbeliever Apr 17 '23 at 07:20
-
It's a [`FILETIME`](https://learn.microsoft.com/en-us/windows/win32/api/minwinbase/ns-minwinbase-filetime) value - the number or 100ns ticks since Jan 1st 1601. – Iridium Apr 17 '23 at 08:09