Recover the key from the time when the process was created

Thanks Wintermute!
2026-02-15 12:27:43 +01:00 · 2020-03-25 16:11:58 +09:00 · 2020-03-25 16:11:58 +09:00 · 16d806a2bb
commit 16d806a2bb
parent cd45ecd377
4 changed files with 63 additions and 197 deletions
--- a/Dalamud.Bootstrap/Windows/Process.cs
+++ b/Dalamud.Bootstrap/Windows/Process.cs
@ -155,6 +155,24 @@ namespace Dalamud.Bootstrap
            }
        }

+        /// <summary>
+        /// Returns a time when the process was started.
+        /// </summary>
+        public DateTime GetCreationTime()
+        {
+            unsafe
+            {
+                FileTime creationTime, exitTime, kernelTime, userTime;
+
+                if (Win32.GetProcessTimes(m_handle, &creationTime, &exitTime, &kernelTime, &userTime))
+                {
+                    ProcessException.ThrowLastOsError(GetPid());
+                }
+
+                return (DateTime)creationTime;
+            }
+        }
+
        private string[] ParseCommandLine(ReadOnlySpan<byte> commandLine)
        {
            unsafe
--- a/Dalamud.Bootstrap/Windows/Win32.cs
+++ b/Dalamud.Bootstrap/Windows/Win32.cs
@ -32,16 +32,17 @@ namespace Dalamud.Bootstrap.Windows

        [DllImport("kernel32", CallingConvention = CallingConvention.Winapi)]
        public static extern uint GetProcessId(SafeProcessHandle hProcess);
+
+        [DllImport("kernel32", CallingConvention = CallingConvention.Winapi, SetLastError = true)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        public static extern bool GetProcessTimes(SafeProcessHandle hProcess, FileTime* lpCreationTime, FileTime* lpExitTime, FileTime* lpKernelTime, FileTime* lpUserTime);
    }

    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct NtStatus
+    internal struct NtStatus
    {
        public uint Value { get; }
-    }

-    internal partial struct NtStatus
-    {
        public NtStatus(uint value)
        {
            Value = value;
@ -70,6 +71,21 @@ namespace Dalamud.Bootstrap.Windows
        public override string ToString() => $"0x{Value:X8}";
    }

+    [StructLayout(LayoutKind.Sequential)]
+    internal struct FileTime
+    {
+        public uint LowDateTime;
+
+        public uint HighDateTime;
+
+        public static explicit operator DateTime(FileTime value)
+        {
+            var time = ((long)value.HighDateTime << 32) | value.LowDateTime;
+            
+            return DateTime.FromFileTime(time);
+        }
+    }
+
    [StructLayout(LayoutKind.Sequential)]
    internal struct UNICODE_STRING
    {