Skip to content

Instantly share code, notes, and snippets.

@williballenthin

williballenthin/parse_windows_timestamp.py

Created April 4, 2013 18:56
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save williballenthin/5313118 to your computer and use it in GitHub Desktop.
Save williballenthin/5313118 to your computer and use it in GitHub Desktop.
Download ZIP
Parse a hex encoded Windows timestamp into a readable ISO formatted timestamp.
Raw
parse_windows_timestamp.py
def parse_windows_timestamp(hex_str):
"""
@type hex_str: str
@param hex_str: A string that contains a hex encoded QWORD (8 bytes) that are a Windows timestamp.
@rtype: str
@return: A string that contains an ISO formatted timestamp.
"""
import struct, binascii
from datetime import datetime
return datetime.utcfromtimestamp(float(struct.unpack_from("<Q", binascii.unhexlify(hex_str.replace(" ", "")))[0]) * 1e-7 - 11644473600).isoformat("T")
if __name__ == "__main__":
import sys
print(parse_windows_timestamp(sys.argv[1]))
@williballenthin
Copy link
Author

Sample output:

/tmp  » python parse_windows_timestamp.py "F8 8D 74 E3 04 1F CE 01"
2013-03-12T09:35:09.671988

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment