├── NTimetools.sln
├── README.md
├── nTimestomp
    ├── icon1.ico
    ├── nTimestomp.aps
    ├── nTimestomp.c
    ├── nTimestomp.rc
    ├── nTimestomp.vcxproj
    ├── nTimestomp.vcxproj.filters
    ├── nTimestomp.vcxproj.user
    ├── resource.h
    └── resource1.h
├── nTimestomp_v1.2_x64.exe
├── nTimeview
    ├── RCa14184
    ├── icon1.ico
    ├── nTimeview.aps
    ├── nTimeview.c
    ├── nTimeview.rc
    ├── nTimeview.vcxproj
    ├── nTimeview.vcxproj.filters
    ├── nTimeview.vcxproj.user
    ├── nTimeview1.aps
    ├── nTimeview1.rc
    ├── resource.h
    └── resource1.h
└── nTimeview_v1.0_x64.exe


/NTimetools.sln:
--------------------------------------------------------------------------------
 1 | ﻿
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.25420.1
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nTimeview", "NTimeview\NTimeview.vcxproj", "{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}"
 7 | EndProject
 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nTimestomp", "nTimestomp\nTimestomp.vcxproj", "{BDFD58BC-C440-471D-BD8B-6D55B20326F8}"
 9 | EndProject
10 | Global
11 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | 		Debug|x64 = Debug|x64
13 | 		Debug|x86 = Debug|x86
14 | 		Release|x64 = Release|x64
15 | 		Release|x86 = Release|x86
16 | 	EndGlobalSection
17 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | 		{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}.Debug|x64.ActiveCfg = Debug|x64
19 | 		{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}.Debug|x64.Build.0 = Debug|x64
20 | 		{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}.Debug|x86.ActiveCfg = Debug|Win32
21 | 		{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}.Debug|x86.Build.0 = Debug|Win32
22 | 		{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}.Release|x64.ActiveCfg = Release|x64
23 | 		{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}.Release|x64.Build.0 = Release|x64
24 | 		{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}.Release|x86.ActiveCfg = Release|Win32
25 | 		{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}.Release|x86.Build.0 = Release|Win32
26 | 		{BDFD58BC-C440-471D-BD8B-6D55B20326F8}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{BDFD58BC-C440-471D-BD8B-6D55B20326F8}.Debug|x64.Build.0 = Debug|x64
28 | 		{BDFD58BC-C440-471D-BD8B-6D55B20326F8}.Debug|x86.ActiveCfg = Debug|Win32
29 | 		{BDFD58BC-C440-471D-BD8B-6D55B20326F8}.Debug|x86.Build.0 = Debug|Win32
30 | 		{BDFD58BC-C440-471D-BD8B-6D55B20326F8}.Release|x64.ActiveCfg = Release|x64
31 | 		{BDFD58BC-C440-471D-BD8B-6D55B20326F8}.Release|x64.Build.0 = Release|x64
32 | 		{BDFD58BC-C440-471D-BD8B-6D55B20326F8}.Release|x86.ActiveCfg = Release|Win32
33 | 		{BDFD58BC-C440-471D-BD8B-6D55B20326F8}.Release|x86.Build.0 = Release|Win32
34 | 	EndGlobalSection
35 | 	GlobalSection(SolutionProperties) = preSolution
36 | 		HideSolutionNode = FALSE
37 | 	EndGlobalSection
38 | EndGlobal
39 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | nTimetools
 2 | ======================
 3 | nTimetools is a suite of console tools developed to work with timestamps in Windows. NTFS stores timestamps with 100-nanosecond level of precision. However, most live response forensic tools as well as timestomping tools are only able to provide up to 1 second level of precision. nTimetools (n is short for nano) comprises 2 tools that allow both forensic analysts as well as red teamers to modify and verify file timestamps up to 100-nanosecond precision.
 4 | 
 5 | 1.   **nTimeview allows forensic analysts to view the MACB timestamps of files on a live system.** It uses the undocumented NtQueryInformationFile API. As such, it works on NTFS/FAT and even mapped drives. It does not require privileged access. This is particularly useful in the case of mapped drives as the current user does not usually have privileged access on a mapped drive in enterprise settings. It is also oftentimes not possible to take the mapped drive offline due to other connected users.
 6 |   
 7 | ![image](https://limbenjamin.com/media/ntimetools.png)
 8 | 
 9 | 2.   **nTimestomp allows red teamers to timestomp MACB timestamps of files with 100-nanosecond level precision.** Forensic analysts are usually taught to spot 0s in the millisecond position as evidence that timestomping has occurred. nTimestomp will allow your files to blend in on cursory inspection. It uses the same undocumented NtSetInformationFile API which means privileged access is not neccessary and files on NTFS/FAT and mapped drives can also be timestomped.
10 |   
11 | ![image](https://limbenjamin.com/media/ntimetools2.png)
12 | 
13 | The syntax for nTimestomp is `nTimestomp.exe -F F:\VERSION-FOR508-18-2A.txt -M "1995-05-19 12:34:56.7890123" -A "1995-05-19 12:34:56.7890123" -C "1995-05-19 23:59:59.0000001" -B "1995-05-19 23:59:59.0000001"` The separator for the nanoseconds portion is a dot and not a colon. The date format is `YYYY-MM-DD`. Filename is a required argument, any combination of `-M -A -C -B` is accepted, current timestamp will be retained if that argument is not specified.
14 | 
15 | FAT does not keep track of metadata change time, hence the null value. The difference in timestamps is due to the level of precision of FAT timestamps. Also, creation timestamps on mounted drives cannot be modified to due API limitations.  
16 | 
17 | Downloads
18 | =========
19 | 
20 | [nTimeview_v1.0_64bit](https://limbenjamin.com/files/nTimeTools/nTimeview_v1.0_x64.exe) - SHA1() = 7b0506dca02e7a3dd9ba4fcbe4f4ff45008d31c8  
21 | [nTimestomp_v1.2_64bit](https://limbenjamin.com/files/nTimeTools/nTimestomp_v1.2_x64.exe) - SHA1() = 1175837865ab8282f1905b66c7417efdd8a56259   
22 | 
23 | 
24 | Q&A
25 | ===
26 | 
27 | Are there any similar tools out there?
28 | --------------------------------------
29 | Joakim Schicht (jschicht) has an excellent set of tools out there, MftRcrd and SetMace, that work with timestamps of up to 100-nanosecond precision. These tools work in a different way. The raw device is mounted and the MFT is parsed and read from. The advantage of doing so is that $FILE_NAME timestamps can also be read. This allows a more in-depth check for signs of timestomping. However, the downside of using raw device mounting is that it will only work on NTFS filesystems and it requires privileged access. For SetMace, due to restrictions placed in recent version of Windows on writing to a raw device, it will only work on non system drives.  
30 | 
31 | License?
32 | --------
33 | The software is distributed "as is". No warranty of any kind is expressed or implied. You use at your own risk. The author will not be liable for data loss, damages, loss of profits or any other kind of loss while using or misusing this software.  
34 | 
35 | The Licensee is allowed to freely redistribute the software subject to the following conditions.  
36 | 1.	The Software may be installed and used by the Licensee for any legal purpose.  
37 | 2.	The Licensee will not charge money or fees for the software product, except to cover distribution costs.  
38 | 3.  The Licensor retains all copyrights and other proprietary rights in and to the Software.  
39 | 4.	Use within the scope of this License is free of charge and no royalty or licensing fees shall be paid by the Licensee.  
40 | 
41 | Bugs or comments?
42 | -----------------
43 | Create an issue on [github](https://github.com/limbenjamin/nTimetools)
44 |   
45 | Changelog
46 | ---------
47 | nTimestomp v1.1 (10/02/19) - Modified help example to have only 7 digits for nanosecond field.  
48 | nTimestomp v1.2 (14/09/21) - Consistency in order of MACB arguments. Added flags for arguments.  
49 | 


--------------------------------------------------------------------------------
/nTimestomp/icon1.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimestomp/icon1.ico


--------------------------------------------------------------------------------
/nTimestomp/nTimestomp.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimestomp/nTimestomp.aps


--------------------------------------------------------------------------------
/nTimestomp/nTimestomp.c:
--------------------------------------------------------------------------------
  1 | // #######################################################################
  2 | // ############ HEADER FILES
  3 | // #######################################################################
  4 | #include <windows.h>
  5 | #include <stdio.h>
  6 | #include <inttypes.h>
  7 | #include <math.h>
  8 | 
  9 | typedef LONG NTSTATUS;
 10 | char* VERSION_NO = "1.1";
 11 | HANDLE file = NULL;
 12 | 
 13 | 
 14 | typedef struct _IO_STATUS_BLOCK {
 15 | 	union {
 16 | 		NTSTATUS Status;
 17 | 		PVOID Pointer;
 18 | 	};
 19 | 	ULONG_PTR Information;
 20 | } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
 21 | 
 22 | typedef enum _FILE_INFORMATION_CLASS {
 23 | 	FileBasicInformation = 4,
 24 | 	FileStandardInformation = 5,
 25 | 	FilePositionInformation = 14,
 26 | 	FileEndOfFileInformation = 20,
 27 | } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
 28 | 
 29 | typedef struct _FILE_BASIC_INFORMATION {
 30 | 	LARGE_INTEGER CreationTime;							// Created             
 31 | 	LARGE_INTEGER LastAccessTime;                       // Accessed    
 32 | 	LARGE_INTEGER LastWriteTime;                        // Modifed
 33 | 	LARGE_INTEGER ChangeTime;                           // Entry Modified
 34 | 	ULONG FileAttributes;
 35 | } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
 36 | 
 37 | typedef NTSTATUS(WINAPI *pNtSetInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
 38 | typedef NTSTATUS(WINAPI *pNtQueryInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
 39 | 
 40 | HANDLE LoadFile(char *filename, FILE_BASIC_INFORMATION *fbi);
 41 | VOID RetrieveFileBasicInformation(char *filename, FILE_BASIC_INFORMATION *fbi);
 42 | DWORD SetFileMACE(HANDLE file, DWORD fileAttributes, char *mtimestamp, char *atimestamp, char *ctimestamp, char *btimestamp);
 43 | LARGE_INTEGER ParseDateTimeInput(char *inputstring);
 44 | VOID About();
 45 | VOID Usage();
 46 | 
 47 | // #######################################################################
 48 | // ############ FUNCTIONS
 49 | // #######################################################################
 50 | 
 51 | VOID About() {
 52 | 	printf("nTimestomp, Version %s\r\n", VERSION_NO);
 53 | 	printf("Copyright (C) 2019 Benjamin Lim\r\n");
 54 | 	printf("Available for free from https://limbenjamin.com/pages/ntimetools\r\n");
 55 | 	printf("\r\n");
 56 | }
 57 | 
 58 | VOID Usage() {
 59 | 	printf("\r\n");
 60 | 	printf("Usage: .\\nTimestomp.exe [Modified Date] [Last Access Date] [Last Write Date] [Creation Date]\r\n");
 61 | 	printf("Date Format: yyyy-mm-dd hh:mm:ss.ddddddd\r\n");
 62 | 	printf("\r\n");
 63 | }
 64 | 
 65 | HANDLE LoadFile(char *filename, FILE_BASIC_INFORMATION *fbi) {
 66 | 
 67 | 	HANDLE file = NULL;
 68 | 	HMODULE ntdll = NULL;
 69 | 
 70 | 	file = CreateFile(filename, GENERIC_READ | GENERIC_WRITE | FILE_WRITE_ATTRIBUTES, 0, NULL, OPEN_EXISTING, 0, NULL);
 71 | 	if (file == INVALID_HANDLE_VALUE) {
 72 | 		printf("Cannot open file: %S\r\n", filename);
 73 | 		Usage();
 74 | 		exit(1);
 75 | 	}
 76 | 
 77 | 	/* load ntdll and retrieve function pointer */
 78 | 	ntdll = GetModuleHandle(TEXT("ntdll.dll"));
 79 | 	if (ntdll == NULL) {
 80 | 		printf("Cannot load ntdll\r\n");
 81 | 		CloseHandle(file);
 82 | 		exit(1);
 83 | 	}
 84 | 	FreeLibrary(ntdll);
 85 | 
 86 | 	return file;
 87 | }
 88 | 
 89 | /* returns the handle on success or NULL on failure. this function opens a file and returns
 90 | the FILE_BASIC_INFORMATION on it. */
 91 | VOID RetrieveFileBasicInformation(HANDLE file, FILE_BASIC_INFORMATION *fbi) {
 92 | 
 93 | 	HMODULE ntdll = NULL;
 94 | 	pNtQueryInformationFile NtQueryInformationFile = NULL;
 95 | 	IO_STATUS_BLOCK iostatus;
 96 | 
 97 | 	/* load ntdll and retrieve function pointer */
 98 | 	ntdll = GetModuleHandle(TEXT("ntdll.dll"));
 99 | 	if (ntdll == NULL) {
100 | 		printf("Cannot load ntdll\r\n");
101 | 		CloseHandle(file);
102 | 		exit(1);
103 | 	}
104 | 
105 | 	/* retrieve current timestamps including file attributes which we want to preserve */
106 | 	NtQueryInformationFile = (pNtQueryInformationFile)GetProcAddress(ntdll, "NtQueryInformationFile");
107 | 	if (NtQueryInformationFile == NULL) {
108 | 		CloseHandle(file);
109 | 		exit(1);
110 | 	}
111 | 
112 | 	/* obtain the current file information including attributes */
113 | 	if (NtQueryInformationFile(file, &iostatus, fbi, sizeof(FILE_BASIC_INFORMATION), 4) < 0) {
114 | 		CloseHandle(file);
115 | 		exit(1);
116 | 	}
117 | 
118 | 	/* clean up */
119 | 	FreeLibrary(ntdll);
120 | 
121 | }
122 | 
123 | DWORD SetFileMACE(HANDLE file, DWORD fileAttributes, char *mtimestamp, char *atimestamp, char *ctimestamp, char *btimestamp) {
124 | 
125 | 	HMODULE ntdll = NULL;
126 | 	pNtSetInformationFile NtSetInformationFile = NULL;
127 | 	IO_STATUS_BLOCK iostatus;
128 | 
129 | 	FILE_BASIC_INFORMATION fbi;
130 | 	fbi.LastWriteTime = ParseDateTimeInput(mtimestamp);
131 | 	fbi.LastAccessTime = ParseDateTimeInput(atimestamp);
132 | 	fbi.ChangeTime = ParseDateTimeInput(ctimestamp);
133 | 	fbi.CreationTime = ParseDateTimeInput(btimestamp);
134 | 	
135 | 	fbi.FileAttributes = fileAttributes;
136 | 
137 | 	/* load ntdll and retrieve function pointer */
138 | 	ntdll = GetModuleHandle(TEXT("ntdll.dll"));
139 | 	if (ntdll == NULL) {
140 | 		printf("Cannot load ntdll\r\n");
141 | 		CloseHandle(file);
142 | 		exit(1);
143 | 	}
144 | 
145 | 	NtSetInformationFile = (pNtSetInformationFile)GetProcAddress(ntdll, "NtSetInformationFile");
146 | 	if (NtSetInformationFile == NULL) {
147 | 		CloseHandle(file);
148 | 		exit(1);
149 | 	}
150 | 
151 | 	if (NtSetInformationFile(file, &iostatus, &fbi, sizeof(FILE_BASIC_INFORMATION), FileBasicInformation) < 0) {
152 | 		CloseHandle(file);
153 | 		exit(1);
154 | 	}
155 | 
156 | 	/* clean up */
157 | 	printf("File timestamp successfully set\r\n");
158 | 	FreeLibrary(ntdll);
159 | 
160 | 	return 0;
161 | }
162 | 
163 | LARGE_INTEGER ParseDateTimeInput(char *inputstring) {
164 | 
165 | 	SYSTEMTIME systemtime = { 0 };
166 | 	LARGE_INTEGER nanoTime = { 0 };
167 | 	FILETIME filetime;
168 | 	LARGE_INTEGER dec = { 0 };
169 | 	LARGE_INTEGER res = { 0 };
170 | 
171 | 	if (sscanf_s(inputstring, "%hu-%hu-%hu %hu:%hu:%hu.%7d", &systemtime.wYear, &systemtime.wMonth, &systemtime.wDay, &systemtime.wHour, &systemtime.wMinute, &systemtime.wSecond, &dec.QuadPart) == 0) {
172 | 		printf("Wrong Date Format");
173 | 		CloseHandle(file);
174 | 		exit(1);
175 | 	}
176 | 
177 | 	/* sanitize input */
178 | 
179 | 	if (systemtime.wMonth < 1 || systemtime.wMonth > 12) {
180 | 		printf("Wrong Date Format");
181 | 		CloseHandle(file);
182 | 		exit(1);
183 | 	}
184 | 	if (systemtime.wDay < 1 || systemtime.wDay > 31) {
185 | 		printf("Wrong Date Format");
186 | 		CloseHandle(file);
187 | 		exit(1);
188 | 	}
189 | 	if (systemtime.wYear < 1601 || systemtime.wYear > 30827) {
190 | 		printf("Wrong Date Format");
191 | 		CloseHandle(file);
192 | 		exit(1);
193 | 	}
194 | 
195 | 	if (systemtime.wMinute < 0 || systemtime.wMinute > 59) {
196 | 		printf("Wrong Date Format");
197 | 		CloseHandle(file);
198 | 		exit(1);
199 | 	}
200 | 	if (systemtime.wSecond < 0 || systemtime.wSecond > 59) {
201 | 		printf("Wrong Date Format");
202 | 		CloseHandle(file);
203 | 		exit(1);
204 | 	}
205 | 
206 | 	systemtime.wMilliseconds = 0;
207 | 	if (SystemTimeToFileTime(&systemtime, &filetime) == 0) {
208 | 		printf("Invalid filetime\r\n");
209 | 		CloseHandle(file);
210 | 		exit(1);
211 | 	}
212 | 
213 | 	nanoTime.LowPart = filetime.dwLowDateTime;
214 | 	nanoTime.HighPart = filetime.dwHighDateTime;
215 | 
216 | 	res.QuadPart = nanoTime.QuadPart + dec.QuadPart;
217 | 
218 | 	return res;
219 | }
220 | 
221 | /* returns 0 on error, 1 on success. this function converts a LARGE_INTEGER to a SYSTEMTIME structure */
222 | DWORD ConvertLargeIntegerToLocalTime(SYSTEMTIME *localsystemtime, LARGE_INTEGER largeinteger) {
223 | 
224 | 	FILETIME filetime;
225 | 	FILETIME localfiletime;
226 | 	DWORD result = 0;
227 | 
228 | 	filetime.dwLowDateTime = largeinteger.LowPart;
229 | 	filetime.dwHighDateTime = largeinteger.HighPart;
230 | 
231 | 	if (FileTimeToSystemTime(&filetime, localsystemtime) == 0) {
232 | 		printf("Invalid filetime\r\n");
233 | 		exit(1);
234 | 	}
235 | 
236 | 	return 1;
237 | }
238 | 
239 | int main(int argc, char* argv[]) {
240 | 
241 | 	if (argc < 5) {
242 | 		Usage();
243 | 		exit(1);
244 | 	}
245 | 
246 | 	FILE_BASIC_INFORMATION fbi; 
247 | 	struct _SYSTEMTIME time = { 0 };
248 | 	wchar_t filename[4096] = { 0 };
249 | 	char str[256];
250 | 	CHAR lpVolumeNameBuffer[MAX_PATH + 1] = { 0 };
251 | 	CHAR lpFileSystemNameBuffer[MAX_PATH + 1] = { 0 };
252 | 	LARGE_INTEGER lpFileSizeHigh = { 0 };
253 | 
254 | 	About();
255 | 	MultiByteToWideChar(CP_ACP, 0, argv[1], -1, filename, 4096);
256 | 	file = LoadFile(filename, &fbi);
257 | 	GetVolumeInformationByHandleW(file, &lpVolumeNameBuffer, ARRAYSIZE(lpVolumeNameBuffer), 0, 0, 0, &lpFileSystemNameBuffer, ARRAYSIZE(lpVolumeNameBuffer));
258 | 	GetFileSizeEx(file, &lpFileSizeHigh);
259 | 
260 | 	printf("Filesystem type:		%S\r\n", lpFileSystemNameBuffer);
261 | 	printf("Filename:			%S\r\n", filename);
262 | 	printf("File size:			%d\r\n", lpFileSizeHigh.QuadPart);
263 | 	printf("\r\n");
264 | 
265 | 	SetFileMACE(file, fbi.FileAttributes, argv[2], argv[3], argv[4], argv[5]);
266 | 	RetrieveFileBasicInformation(file, &fbi);
267 | 
268 | 	printf("\r\n");
269 | 	ConvertLargeIntegerToLocalTime(&time, fbi.LastWriteTime);
270 | 	if (fbi.LastWriteTime.QuadPart != 0) {
271 | 		sprintf_s(str, 256, "%lld", fbi.LastWriteTime.QuadPart);
272 | 		printf("[M] Last Write Time:		%04d-%02d-%02d %02d:%02d:%02d.%7s UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond, &str[11]);
273 | 	}
274 | 	else {
275 | 		printf("[M] Last Write Time:		%04d-%02d-%02d %02d:%02d:%02d.0000000 UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond);
276 | 	}
277 | 	memset(&time, 0, sizeof(time));
278 | 
279 | 	ConvertLargeIntegerToLocalTime(&time, fbi.LastAccessTime);
280 | 	if (fbi.LastAccessTime.QuadPart != 0) {
281 | 		sprintf_s(str, 256, "%lld", fbi.LastAccessTime.QuadPart);
282 | 		printf("[A] Last Access Time:		%04d-%02d-%02d %02d:%02d:%02d.%7s UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond, &str[11]);
283 | 	}
284 | 	else {
285 | 		printf("[A] Last Access Time:		%04d-%02d-%02d %02d:%02d:%02d.0000000 UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond);
286 | 	}
287 | 	memset(&time, 0, sizeof(time));
288 | 
289 | 	ConvertLargeIntegerToLocalTime(&time, fbi.ChangeTime);
290 | 	if (fbi.ChangeTime.QuadPart != 0) {
291 | 		sprintf_s(str, 256, "%lld", fbi.ChangeTime.QuadPart);
292 | 		printf("[C] Metadata Change Time:	%04d-%02d-%02d %02d:%02d:%02d.%7s UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond, &str[11]);
293 | 	}
294 | 	else {
295 | 		printf("[C] Metadata Change Time:	%04d-%02d-%02d %02d:%02d:%02d.0000000 UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond);
296 | 	}
297 | 	memset(&time, 0, sizeof(time));
298 | 
299 | 	ConvertLargeIntegerToLocalTime(&time, fbi.CreationTime);
300 | 	if (fbi.CreationTime.QuadPart != 0) {
301 | 		sprintf_s(str, 256, "%lld", fbi.CreationTime.QuadPart);
302 | 		printf("[B] Creation Time:		%04d-%02d-%02d %02d:%02d:%02d.%7s UTC\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond, &str[11]);
303 | 	}
304 | 	else {
305 | 		printf("[B] Creation Time:		%04d-%02d-%02d %02d:%02d:%02d.0000000 UTC\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond);
306 | 	}
307 | 	printf("\r\n");
308 | 	CloseHandle(file);
309 | }


--------------------------------------------------------------------------------
/nTimestomp/nTimestomp.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimestomp/nTimestomp.rc


--------------------------------------------------------------------------------
/nTimestomp/nTimestomp.vcxproj:
--------------------------------------------------------------------------------
  1 | ﻿<?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <ItemGroup>
 22 |     <ClCompile Include="nTimestomp.c" />
 23 |   </ItemGroup>
 24 |   <ItemGroup>
 25 |     <ClInclude Include="resource.h" />
 26 |     <ClInclude Include="resource1.h" />
 27 |   </ItemGroup>
 28 |   <ItemGroup>
 29 |     <ResourceCompile Include="nTimestomp.rc" />
 30 |   </ItemGroup>
 31 |   <ItemGroup>
 32 |     <Image Include="icon1.ico" />
 33 |   </ItemGroup>
 34 |   <PropertyGroup Label="Globals">
 35 |     <ProjectGuid>{BDFD58BC-C440-471D-BD8B-6D55B20326F8}</ProjectGuid>
 36 |     <Keyword>Win32Proj</Keyword>
 37 |     <RootNamespace>nTimestomp</RootNamespace>
 38 |     <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
 39 |   </PropertyGroup>
 40 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 41 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 42 |     <ConfigurationType>Application</ConfigurationType>
 43 |     <UseDebugLibraries>true</UseDebugLibraries>
 44 |     <PlatformToolset>v140</PlatformToolset>
 45 |     <CharacterSet>Unicode</CharacterSet>
 46 |   </PropertyGroup>
 47 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 48 |     <ConfigurationType>Application</ConfigurationType>
 49 |     <UseDebugLibraries>false</UseDebugLibraries>
 50 |     <PlatformToolset>v140</PlatformToolset>
 51 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 52 |     <CharacterSet>Unicode</CharacterSet>
 53 |   </PropertyGroup>
 54 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 55 |     <ConfigurationType>Application</ConfigurationType>
 56 |     <UseDebugLibraries>true</UseDebugLibraries>
 57 |     <PlatformToolset>v140</PlatformToolset>
 58 |     <CharacterSet>Unicode</CharacterSet>
 59 |   </PropertyGroup>
 60 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 61 |     <ConfigurationType>Application</ConfigurationType>
 62 |     <UseDebugLibraries>false</UseDebugLibraries>
 63 |     <PlatformToolset>v140</PlatformToolset>
 64 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 65 |     <CharacterSet>Unicode</CharacterSet>
 66 |   </PropertyGroup>
 67 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 68 |   <ImportGroup Label="ExtensionSettings">
 69 |   </ImportGroup>
 70 |   <ImportGroup Label="Shared">
 71 |   </ImportGroup>
 72 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 73 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 74 |   </ImportGroup>
 75 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 76 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 77 |   </ImportGroup>
 78 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 79 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 80 |   </ImportGroup>
 81 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 82 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 83 |   </ImportGroup>
 84 |   <PropertyGroup Label="UserMacros" />
 85 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 86 |     <LinkIncremental>true</LinkIncremental>
 87 |   </PropertyGroup>
 88 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 89 |     <LinkIncremental>true</LinkIncremental>
 90 |   </PropertyGroup>
 91 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 92 |     <LinkIncremental>false</LinkIncremental>
 93 |   </PropertyGroup>
 94 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 95 |     <LinkIncremental>false</LinkIncremental>
 96 |   </PropertyGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 98 |     <ClCompile>
 99 |       <PrecompiledHeader>
100 |       </PrecompiledHeader>
101 |       <WarningLevel>Level3</WarningLevel>
102 |       <Optimization>Disabled</Optimization>
103 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
104 |       <SDLCheck>true</SDLCheck>
105 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
106 |     </ClCompile>
107 |     <Link>
108 |       <SubSystem>Console</SubSystem>
109 |       <GenerateDebugInformation>true</GenerateDebugInformation>
110 |     </Link>
111 |   </ItemDefinitionGroup>
112 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
113 |     <ClCompile>
114 |       <PrecompiledHeader>
115 |       </PrecompiledHeader>
116 |       <WarningLevel>Level3</WarningLevel>
117 |       <Optimization>Disabled</Optimization>
118 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
119 |       <SDLCheck>true</SDLCheck>
120 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Console</SubSystem>
124 |       <GenerateDebugInformation>true</GenerateDebugInformation>
125 |     </Link>
126 |   </ItemDefinitionGroup>
127 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
128 |     <ClCompile>
129 |       <WarningLevel>Level3</WarningLevel>
130 |       <PrecompiledHeader>
131 |       </PrecompiledHeader>
132 |       <Optimization>MaxSpeed</Optimization>
133 |       <FunctionLevelLinking>true</FunctionLevelLinking>
134 |       <IntrinsicFunctions>true</IntrinsicFunctions>
135 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
136 |       <SDLCheck>true</SDLCheck>
137 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
138 |     </ClCompile>
139 |     <Link>
140 |       <SubSystem>Console</SubSystem>
141 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
142 |       <OptimizeReferences>true</OptimizeReferences>
143 |       <GenerateDebugInformation>true</GenerateDebugInformation>
144 |     </Link>
145 |   </ItemDefinitionGroup>
146 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
147 |     <ClCompile>
148 |       <WarningLevel>Level3</WarningLevel>
149 |       <PrecompiledHeader>
150 |       </PrecompiledHeader>
151 |       <Optimization>MaxSpeed</Optimization>
152 |       <FunctionLevelLinking>true</FunctionLevelLinking>
153 |       <IntrinsicFunctions>true</IntrinsicFunctions>
154 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
155 |       <SDLCheck>true</SDLCheck>
156 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
157 |     </ClCompile>
158 |     <Link>
159 |       <SubSystem>Console</SubSystem>
160 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
161 |       <OptimizeReferences>true</OptimizeReferences>
162 |       <GenerateDebugInformation>true</GenerateDebugInformation>
163 |     </Link>
164 |   </ItemDefinitionGroup>
165 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
166 |   <ImportGroup Label="ExtensionTargets">
167 |   </ImportGroup>
168 | </Project>


--------------------------------------------------------------------------------
/nTimestomp/nTimestomp.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | ﻿<?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="nTimestomp.c">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 |   <ItemGroup>
23 |     <ClInclude Include="resource.h">
24 |       <Filter>Header Files</Filter>
25 |     </ClInclude>
26 |     <ClInclude Include="resource1.h">
27 |       <Filter>Header Files</Filter>
28 |     </ClInclude>
29 |   </ItemGroup>
30 |   <ItemGroup>
31 |     <ResourceCompile Include="nTimestomp.rc">
32 |       <Filter>Resource Files</Filter>
33 |     </ResourceCompile>
34 |   </ItemGroup>
35 |   <ItemGroup>
36 |     <Image Include="icon1.ico">
37 |       <Filter>Resource Files</Filter>
38 |     </Image>
39 |   </ItemGroup>
40 | </Project>


--------------------------------------------------------------------------------
/nTimestomp/nTimestomp.vcxproj.user:
--------------------------------------------------------------------------------
 1 | ﻿<?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 4 |     <LocalDebuggerCommandArguments>C:\test.txt "2014-12-30 09:04:05.1111111" "2014-12-30 09:04:04.2222222" "2014-12-30 09:04:03.3333333" "2014-12-30 09:04:02.4444474"</LocalDebuggerCommandArguments>
 5 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
 6 |   </PropertyGroup>
 7 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 8 |     <LocalDebuggerCommandArguments>C:\test.txt "2014-12-30 09:04:05.1111111" "2014-12-30 09:04:04.2222222" "2014-12-30 09:04:03.3333333" "2014-12-30 09:04:02.4444474"</LocalDebuggerCommandArguments>
 9 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
10 |   </PropertyGroup>
11 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
12 |     <LocalDebuggerCommandArguments>C:\test.txt "2014-12-30 09:04:05.1111111" "2014-12-30 09:04:04.2222222" "2014-12-30 09:04:03.3333333" "2014-12-30 09:04:02.4444474"</LocalDebuggerCommandArguments>
13 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
14 |   </PropertyGroup>
15 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
16 |     <LocalDebuggerCommandArguments>C:\test.txt "2014-12-30 09:04:05.1111111" "2014-12-30 09:04:04.2222222" "2014-12-30 09:04:03.3333333" "2014-12-30 09:04:02.4444474"</LocalDebuggerCommandArguments>
17 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
18 |   </PropertyGroup>
19 | </Project>


--------------------------------------------------------------------------------
/nTimestomp/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimestomp/resource.h


--------------------------------------------------------------------------------
/nTimestomp/resource1.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimestomp/resource1.h


--------------------------------------------------------------------------------
/nTimestomp_v1.2_x64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimestomp_v1.2_x64.exe


--------------------------------------------------------------------------------
/nTimeview/RCa14184:
--------------------------------------------------------------------------------
 1 | # l i n e   1 " C : \ \ w o r k s p a c e \ \ N T i m e v i e w \ \ N T i m e v i e w \ \ n T i m e v i e w 1 . r c "  
 2 |  # l i n e   1  
 3 |  / /   M i c r o s o f t   V i s u a l   C + +   g e n e r a t e d   r e s o u r c e   s c r i p t .  
 4 |  / /  
 5 |  # i n c l u d e   " r e s o u r c e . h "  
 6 |  # l i n e   5  
 7 |  # d e f i n e   A P S T U D I O _ R E A D O N L Y _ S Y M B O L S  
 8 |  / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /  
 9 |  / /  
10 |  / /   G e n e r a t e d   f r o m   t h e   T E X T I N C L U D E   2   r e s o u r c e .  
11 |  / /  
12 |  # i n c l u d e   " w i n r e s . h "  
13 |  # l i n e   1 2  
14 |  / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /  
15 |  # u n d e f   A P S T U D I O _ R E A D O N L Y _ S Y M B O L S  
16 |  # l i n e   1 5  
17 |  / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /  
18 |  / /   E n g l i s h   ( U n i t e d   S t a t e s )   r e s o u r c e s  
19 |  # l i n e   1 8  
20 |  # i f   ! d e f i n e d ( A F X _ R E S O U R C E _ D L L )   | |   d e f i n e d ( A F X _ T A R G _ E N U )  
21 |  L A N G U A G E   9 ,   1  
22 |  # l i n e   2 1  
23 |  # i f d e f   A P S T U D I O _ I N V O K E D  
24 |  / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /  
25 |  / /  
26 |  / /   T E X T I N C L U D E  
27 |  / /  
28 |  # l i n e   2 7  
29 |  1   T E X T I N C L U D E  
30 |  B E G I N  
31 |  " r e s o u r c e . h \ 0 "  
32 |  E N D  
33 |  # l i n e   3 2  
34 |  2   T E X T I N C L U D E      
35 |  B E G I N  
36 |  " # i n c l u d e   " " w i n r e s . h " " \ r \ n "  
37 |  " \ 0 "  
38 |  E N D  
39 |  # l i n e   3 8  
40 |  3   T E X T I N C L U D E      
41 |  B E G I N  
42 |  " \ r \ n "  
43 |  " \ 0 "  
44 |  E N D  
45 |  # l i n e   4 4  
46 |  # e n d i f         / /   A P S T U D I O _ I N V O K E D  
47 |  # l i n e   4 6  
48 |  # e n d i f         / /   E n g l i s h   ( U n i t e d   S t a t e s )   r e s o u r c e s  
49 |  / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /  
50 |  # l i n e   5 1  
51 |  # i f n d e f   A P S T U D I O _ I N V O K E D  
52 |  / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /  
53 |  / /  
54 |  / /   G e n e r a t e d   f r o m   t h e   T E X T I N C L U D E   3   r e s o u r c e .  
55 |  / /  
56 |  # l i n e   5 8  
57 |  / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /  
58 |  # e n d i f         / /   n o t   A P S T U D I O _ I N V O K E D  
59 |  


--------------------------------------------------------------------------------
/nTimeview/icon1.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimeview/icon1.ico


--------------------------------------------------------------------------------
/nTimeview/nTimeview.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimeview/nTimeview.aps


--------------------------------------------------------------------------------
/nTimeview/nTimeview.c:
--------------------------------------------------------------------------------
  1 | // #######################################################################
  2 | // ############ HEADER FILES
  3 | // #######################################################################
  4 | #include <windows.h>
  5 | #include <stdio.h>
  6 | #include <winternl.h>
  7 | #include <inttypes.h>
  8 | #include <math.h>
  9 | 
 10 | typedef LONG NTSTATUS;
 11 | char* VERSION_NO = "1.0";
 12 | 
 13 | typedef struct _FILE_BASIC_INFORMATION {
 14 | 	LARGE_INTEGER CreationTime;							// Created             
 15 | 	LARGE_INTEGER LastAccessTime;                       // Accessed    
 16 | 	LARGE_INTEGER LastWriteTime;                        // Modifed
 17 | 	LARGE_INTEGER ChangeTime;                           // Entry Modified
 18 | 	ULONG FileAttributes;
 19 | } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
 20 | 
 21 | 
 22 | 
 23 | typedef NTSTATUS(WINAPI *pNtQueryInformationFile)(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
 24 | 
 25 | HANDLE RetrieveFileBasicInformation(char *filename, FILE_BASIC_INFORMATION *fbi);
 26 | DWORD ConvertLargeIntegerToLocalTime(SYSTEMTIME *localsystemtime, LARGE_INTEGER largeinteger);
 27 | VOID About();
 28 | VOID Usage();
 29 | 
 30 | // #######################################################################
 31 | // ############ FUNCTIONS
 32 | // #######################################################################
 33 | 
 34 | VOID About() {
 35 | 	printf("nTimeview, Version %s\r\n", VERSION_NO);
 36 | 	printf("Copyright (C) 2019 Benjamin Lim\r\n");
 37 | 	printf("Available for free from https://limbenjamin.com/pages/ntimetools\r\n");
 38 | 	printf("\r\n");
 39 | }
 40 | 
 41 | VOID Usage() {
 42 | 	printf("\r\n");
 43 | 	printf("Usage: .\\nTimeview.exe [Filename]\r\n");
 44 | 	printf("\r\n");
 45 | }
 46 | 
 47 | /* returns the handle on success or NULL on failure. this function opens a file and returns
 48 | the FILE_BASIC_INFORMATION on it. */
 49 | HANDLE RetrieveFileBasicInformation(char *filename, FILE_BASIC_INFORMATION *fbi) {
 50 | 	
 51 | 	HANDLE file = NULL;
 52 | 	HMODULE ntdll = NULL;
 53 | 	pNtQueryInformationFile NtQueryInformationFile = NULL;
 54 | 	IO_STATUS_BLOCK iostatus;
 55 | 
 56 | 	file = CreateFile(filename, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
 57 | 	if (file == INVALID_HANDLE_VALUE) {
 58 | 		printf("Cannot open file: %S\r\n", filename);
 59 | 		Usage();
 60 | 		exit(1);
 61 | 	}
 62 | 
 63 | 	/* load ntdll and retrieve function pointer */
 64 | 	ntdll = GetModuleHandle(TEXT("ntdll.dll"));
 65 | 	if (ntdll == NULL) {
 66 | 		printf("Cannot load ntdll\r\n");
 67 | 		CloseHandle(file);
 68 | 		exit(1);
 69 | 	}
 70 | 
 71 | 	/* retrieve current timestamps including file attributes which we want to preserve */
 72 | 	NtQueryInformationFile = (pNtQueryInformationFile)GetProcAddress(ntdll, "NtQueryInformationFile");
 73 | 	if (NtQueryInformationFile == NULL) {
 74 | 		CloseHandle(file);
 75 | 		exit(1);
 76 | 	}
 77 | 	
 78 | 	/* obtain the current file information including attributes */
 79 | 	if (NtQueryInformationFile(file, &iostatus, fbi, sizeof(FILE_BASIC_INFORMATION), 4) < 0) {
 80 | 		CloseHandle(file);
 81 | 		exit(1);
 82 | 	}
 83 | 
 84 | 	/* clean up */
 85 | 	FreeLibrary(ntdll);
 86 | 
 87 | 	return file;
 88 | }
 89 | 
 90 | /* returns 0 on error, 1 on success. this function converts a LARGE_INTEGER to a SYSTEMTIME structure */
 91 | DWORD ConvertLargeIntegerToLocalTime(SYSTEMTIME *localsystemtime, LARGE_INTEGER largeinteger) {
 92 | 
 93 | 	FILETIME filetime;
 94 | 	FILETIME localfiletime;
 95 | 	DWORD result = 0;
 96 | 
 97 | 	filetime.dwLowDateTime = largeinteger.LowPart;
 98 | 	filetime.dwHighDateTime = largeinteger.HighPart;
 99 | 
100 | 	if (FileTimeToSystemTime(&filetime, localsystemtime) == 0) {
101 | 		printf("Invalid filetime\r\n");
102 | 		exit(1);
103 | 	}
104 | 
105 | 	return 1;
106 | }
107 | 
108 | int main(int argc, char* argv[]) {
109 | 	HANDLE file = NULL;
110 | 	struct _FILE_BASIC_INFORMATION fbi = { 0 };
111 | 	struct _SYSTEMTIME time = { 0 };
112 | 	wchar_t filename[4096] = { 0 };
113 | 	char str[256];
114 | 	CHAR lpVolumeNameBuffer[MAX_PATH + 1] = { 0 };
115 | 	CHAR lpFileSystemNameBuffer[MAX_PATH + 1] = { 0 };
116 | 	LARGE_INTEGER lpFileSizeHigh = { 0 };
117 | 
118 | 	About();
119 | 	MultiByteToWideChar(CP_ACP, 0, argv[1], -1, filename, 4096);
120 | 	file = RetrieveFileBasicInformation(filename, &fbi);
121 | 	GetVolumeInformationByHandleW(file, &lpVolumeNameBuffer, ARRAYSIZE(lpVolumeNameBuffer), 0, 0, 0, &lpFileSystemNameBuffer, ARRAYSIZE(lpVolumeNameBuffer));
122 | 	GetFileSizeEx(file, &lpFileSizeHigh);
123 | 
124 | 	printf("Filesystem type:		%S\r\n", lpFileSystemNameBuffer);
125 | 	printf("Filename:			%S\r\n", filename);
126 | 	printf("File size:			%d\r\n", lpFileSizeHigh.QuadPart);
127 | 	printf("\r\n");
128 | 
129 | 	ConvertLargeIntegerToLocalTime(&time, fbi.LastWriteTime);
130 | 	if (fbi.LastWriteTime.QuadPart != 0) {
131 | 		sprintf_s(str, 256, "%lld", fbi.LastWriteTime.QuadPart);
132 | 		printf("[M] Last Write Time:		%04d-%02d-%02d %02d:%02d:%02d.%7s UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond, &str[11]);
133 | 	}else {
134 | 		printf("[M] Last Write Time:		%04d-%02d-%02d %02d:%02d:%02d.0000000 UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond);
135 | 	}
136 | 	memset(&time, 0, sizeof(time));
137 | 
138 | 	ConvertLargeIntegerToLocalTime(&time, fbi.LastAccessTime);
139 | 	if (fbi.LastAccessTime.QuadPart != 0) {
140 | 		sprintf_s(str, 256, "%lld", fbi.LastAccessTime.QuadPart);
141 | 		printf("[A] Last Access Time:		%04d-%02d-%02d %02d:%02d:%02d.%7s UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond, &str[11]);
142 | 	} else {
143 | 		printf("[A] Last Access Time:		%04d-%02d-%02d %02d:%02d:%02d.0000000 UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond);
144 | 	}
145 | 	memset(&time, 0, sizeof(time));
146 | 
147 | 	ConvertLargeIntegerToLocalTime(&time, fbi.ChangeTime);
148 | 	if (fbi.ChangeTime.QuadPart != 0) {
149 | 		sprintf_s(str, 256, "%lld", fbi.ChangeTime.QuadPart);
150 | 		printf("[C] Metadata Change Time:	%04d-%02d-%02d %02d:%02d:%02d.%7s UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond, &str[11]);
151 | 	} else {
152 | 		printf("[C] Metadata Change Time:	%04d-%02d-%02d %02d:%02d:%02d.0000000 UTC\r\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond);
153 | 	}
154 | 	memset(&time, 0, sizeof(time));
155 | 
156 | 	ConvertLargeIntegerToLocalTime(&time, fbi.CreationTime);
157 | 	if (fbi.CreationTime.QuadPart != 0) {
158 | 		sprintf_s(str, 256, "%lld", fbi.CreationTime.QuadPart);
159 | 		printf("[B] Creation Time:		%04d-%02d-%02d %02d:%02d:%02d.%7s UTC\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond, &str[11]);
160 | 	} else {
161 | 		printf("[B] Creation Time:		%04d-%02d-%02d %02d:%02d:%02d.0000000 UTC\n", time.wYear, time.wMonth, time.wDay, time.wHour, time.wMinute, time.wSecond);
162 | 	}
163 | 	printf("\r\n");
164 | 	CloseHandle(file);
165 | }


--------------------------------------------------------------------------------
/nTimeview/nTimeview.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimeview/nTimeview.rc


--------------------------------------------------------------------------------
/nTimeview/nTimeview.vcxproj:
--------------------------------------------------------------------------------
  1 | ﻿<?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <ItemGroup>
 22 |     <ClCompile Include="nTimeview.c" />
 23 |   </ItemGroup>
 24 |   <ItemGroup>
 25 |     <ClInclude Include="resource.h" />
 26 |     <ClInclude Include="resource1.h" />
 27 |   </ItemGroup>
 28 |   <ItemGroup>
 29 |     <ResourceCompile Include="nTimeview1.rc" />
 30 |   </ItemGroup>
 31 |   <ItemGroup>
 32 |     <Image Include="icon1.ico" />
 33 |   </ItemGroup>
 34 |   <PropertyGroup Label="Globals">
 35 |     <ProjectGuid>{220659AE-24BA-4F0C-AD77-8D2D4B5387FE}</ProjectGuid>
 36 |     <Keyword>Win32Proj</Keyword>
 37 |     <RootNamespace>nTimeview</RootNamespace>
 38 |     <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
 39 |     <ProjectName>nTimeview</ProjectName>
 40 |   </PropertyGroup>
 41 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v140</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v140</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 56 |     <ConfigurationType>Application</ConfigurationType>
 57 |     <UseDebugLibraries>true</UseDebugLibraries>
 58 |     <PlatformToolset>v140</PlatformToolset>
 59 |     <CharacterSet>Unicode</CharacterSet>
 60 |   </PropertyGroup>
 61 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 62 |     <ConfigurationType>Application</ConfigurationType>
 63 |     <UseDebugLibraries>false</UseDebugLibraries>
 64 |     <PlatformToolset>v140</PlatformToolset>
 65 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 66 |     <CharacterSet>Unicode</CharacterSet>
 67 |   </PropertyGroup>
 68 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 69 |   <ImportGroup Label="ExtensionSettings">
 70 |   </ImportGroup>
 71 |   <ImportGroup Label="Shared">
 72 |   </ImportGroup>
 73 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 75 |   </ImportGroup>
 76 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 77 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 78 |   </ImportGroup>
 79 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 81 |   </ImportGroup>
 82 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 83 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 84 |   </ImportGroup>
 85 |   <PropertyGroup Label="UserMacros" />
 86 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 87 |     <LinkIncremental>true</LinkIncremental>
 88 |   </PropertyGroup>
 89 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 90 |     <LinkIncremental>true</LinkIncremental>
 91 |   </PropertyGroup>
 92 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 93 |     <LinkIncremental>false</LinkIncremental>
 94 |   </PropertyGroup>
 95 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 96 |     <LinkIncremental>false</LinkIncremental>
 97 |   </PropertyGroup>
 98 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 99 |     <ClCompile>
100 |       <PrecompiledHeader>
101 |       </PrecompiledHeader>
102 |       <WarningLevel>Level3</WarningLevel>
103 |       <Optimization>Disabled</Optimization>
104 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
105 |       <SDLCheck>true</SDLCheck>
106 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
107 |     </ClCompile>
108 |     <Link>
109 |       <SubSystem>Console</SubSystem>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
114 |     <ClCompile>
115 |       <PrecompiledHeader>
116 |       </PrecompiledHeader>
117 |       <WarningLevel>Level3</WarningLevel>
118 |       <Optimization>Disabled</Optimization>
119 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
120 |       <SDLCheck>true</SDLCheck>
121 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
122 |     </ClCompile>
123 |     <Link>
124 |       <SubSystem>Console</SubSystem>
125 |       <GenerateDebugInformation>true</GenerateDebugInformation>
126 |     </Link>
127 |   </ItemDefinitionGroup>
128 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
129 |     <ClCompile>
130 |       <WarningLevel>Level3</WarningLevel>
131 |       <PrecompiledHeader>
132 |       </PrecompiledHeader>
133 |       <Optimization>MaxSpeed</Optimization>
134 |       <FunctionLevelLinking>true</FunctionLevelLinking>
135 |       <IntrinsicFunctions>true</IntrinsicFunctions>
136 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
137 |       <SDLCheck>true</SDLCheck>
138 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
139 |     </ClCompile>
140 |     <Link>
141 |       <SubSystem>Console</SubSystem>
142 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
143 |       <OptimizeReferences>true</OptimizeReferences>
144 |       <GenerateDebugInformation>true</GenerateDebugInformation>
145 |     </Link>
146 |   </ItemDefinitionGroup>
147 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
148 |     <ClCompile>
149 |       <WarningLevel>Level3</WarningLevel>
150 |       <PrecompiledHeader>
151 |       </PrecompiledHeader>
152 |       <Optimization>MaxSpeed</Optimization>
153 |       <FunctionLevelLinking>true</FunctionLevelLinking>
154 |       <IntrinsicFunctions>true</IntrinsicFunctions>
155 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
156 |       <SDLCheck>true</SDLCheck>
157 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
158 |     </ClCompile>
159 |     <Link>
160 |       <SubSystem>Console</SubSystem>
161 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
162 |       <OptimizeReferences>true</OptimizeReferences>
163 |       <GenerateDebugInformation>true</GenerateDebugInformation>
164 |     </Link>
165 |   </ItemDefinitionGroup>
166 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
167 |   <ImportGroup Label="ExtensionTargets">
168 |   </ImportGroup>
169 | </Project>


--------------------------------------------------------------------------------
/nTimeview/nTimeview.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | ﻿<?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="nTimeview.c">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 |   <ItemGroup>
23 |     <ClInclude Include="resource1.h">
24 |       <Filter>Header Files</Filter>
25 |     </ClInclude>
26 |     <ClInclude Include="resource.h">
27 |       <Filter>Header Files</Filter>
28 |     </ClInclude>
29 |   </ItemGroup>
30 |   <ItemGroup>
31 |     <ResourceCompile Include="nTimeview1.rc">
32 |       <Filter>Resource Files</Filter>
33 |     </ResourceCompile>
34 |   </ItemGroup>
35 |   <ItemGroup>
36 |     <Image Include="icon1.ico">
37 |       <Filter>Resource Files</Filter>
38 |     </Image>
39 |   </ItemGroup>
40 | </Project>


--------------------------------------------------------------------------------
/nTimeview/nTimeview.vcxproj.user:
--------------------------------------------------------------------------------
 1 | ﻿<?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 4 |     <LocalDebuggerCommandArguments>C:\bootTel.dat</LocalDebuggerCommandArguments>
 5 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
 6 |   </PropertyGroup>
 7 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 8 |     <LocalDebuggerCommandArguments>C:\bootTel.dat</LocalDebuggerCommandArguments>
 9 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
10 |   </PropertyGroup>
11 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
12 |     <LocalDebuggerCommandArguments>C:\bootTel.dat</LocalDebuggerCommandArguments>
13 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
14 |   </PropertyGroup>
15 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
16 |     <LocalDebuggerCommandArguments>C:\bootTel.dat</LocalDebuggerCommandArguments>
17 |     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
18 |   </PropertyGroup>
19 | </Project>


--------------------------------------------------------------------------------
/nTimeview/nTimeview1.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimeview/nTimeview1.aps


--------------------------------------------------------------------------------
/nTimeview/nTimeview1.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimeview/nTimeview1.rc


--------------------------------------------------------------------------------
/nTimeview/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by nTimeview1.rc
 4 | 
 5 | // Next default values for new objects
 6 | // 
 7 | #ifdef APSTUDIO_INVOKED
 8 | #ifndef APSTUDIO_READONLY_SYMBOLS
 9 | #define _APS_NEXT_RESOURCE_VALUE        101
10 | #define _APS_NEXT_COMMAND_VALUE         40001
11 | #define _APS_NEXT_CONTROL_VALUE         1001
12 | #define _APS_NEXT_SYMED_VALUE           101
13 | #endif
14 | #endif
15 | 


--------------------------------------------------------------------------------
/nTimeview/resource1.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimeview/resource1.h


--------------------------------------------------------------------------------
/nTimeview_v1.0_x64.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/limbenjamin/nTimetools/cce1415e208f171591c44b3fe869c42e7cc6f9df/nTimeview_v1.0_x64.exe


--------------------------------------------------------------------------------