lekv/md_created.py

## md_created.py
#!/usr/bin/python

import sys
from collections import namedtuple
from datetime import datetime
from struct import Struct

MDRawHeader = namedtuple("MDRawHeader", "signature version stream_count \
                         stream_directory_rva checksum time_date_stamp flags")

minidump = sys.argv[1]

s = Struct("IIIiIIQ")
data = open(minidump, 'rb').read(s.size)
header = MDRawHeader(*s.unpack_from(data))
created = datetime.utcfromtimestamp(header.time_date_stamp)
print "Minidump was created at: %s UTC (%s)" % (created, header.time_date_stamp)
	#!/usr/bin/python

	import sys
	from collections import namedtuple
	from datetime import datetime
	from struct import Struct

	MDRawHeader = namedtuple("MDRawHeader", "signature version stream_count \
	stream_directory_rva checksum time_date_stamp flags")

	minidump = sys.argv[1]

	s = Struct("IIIiIIQ")
	data = open(minidump, 'rb').read(s.size)
	header = MDRawHeader(*s.unpack_from(data))
	created = datetime.utcfromtimestamp(header.time_date_stamp)
	print "Minidump was created at: %s UTC (%s)" % (created, header.time_date_stamp)