Check-given-daytime

From aldeid
Jump to navigation Jump to search

__time64 and __localtime64 functions

  • The __time64 function return the time as seconds elapsed since midnight, January 1, 1970, or -1 in the case of an error.
  • The __localtime64function converts a time value and correct for the local time zone. The fields of the structure type tm store the following values, each of which is an int (4 bytes):
Offset Field Description
0 tm_sec Seconds after minute (0 – 59).
4 tm_min Minutes after hour (0 – 59).
8 tm_hour Hours after midnight (0 – 23).
12 tm_mday Day of month (1 – 31).
16 tm_mon Month (0 – 11; January = 0).
20 tm_year Year (current year minus 1900).
24 tm_wday Day of week (0 – 6; Sunday = 0).
28 tm_yday Day of year (0 – 365; January 1 = 0).
32 tm_isdst Positive value if daylight saving time is in effect; 0 if daylight saving time is not in effect; negative value if status of daylight saving time is unknown. If the TZ environment variable is set, the C run-time library assumes rules appropriate to the United States for implementing the calculation of daylight-saving time (DST).

Examples

Day of week

The following example checks that the week of day is Friday: 

.text:00401460 CHECK_DayFriday proc near
.text:00401460
.text:00401460 Time            = qword ptr -8
.text:00401460
.text:00401460                 push    ebp
.text:00401461                 mov     ebp, esp
.text:00401463                 lea     eax, [ebp+Time]
.text:00401466                 sub     esp, 8
.text:00401469                 push    eax             ; Time
.text:0040146A                 call    __time64
.text:0040146F                 lea     ecx, [ebp+Time]
.text:00401472                 push    ecx             ; Time
.text:00401473                 call    __localtime64
.text:00401478                 add     esp, 8
.text:0040147B                 cmp     dword ptr [eax+18h], 5  ; offset 0x18 (24) is the week of day (5 = Friday)
.text:0040147F                 jnz     short loc_4014BB
.text:00401481                 push    esi
.text:00401482                 mov     esi, dword_519438
.text:00401488                 xor     ecx, ecx
.text:0040148A                 test    esi, esi
.text:0040148C                 jz      short loc_4014B1
.text:0040148E                 mov     edi, edi

Daytime

The following example checks that the time is 5pm: 

.text:004016F0 CHECK_Time_5PM  proc near
.text:004016F0
.text:004016F0 Time            = qword ptr -8
.text:004016F0
.text:004016F0                 push    ebp
.text:004016F1                 mov     ebp, esp
.text:004016F3                 lea     eax, [ebp+Time]
.text:004016F6                 sub     esp, 8
.text:004016F9                 push    eax             ; Time
.text:004016FA                 call    __time64
.text:004016FF                 lea     ecx, [ebp+Time]
.text:00401702                 push    ecx             ; Time
.text:00401703                 call    __localtime64
.text:00401708                 add     esp, 8
.text:0040170B                 cmp     dword ptr [eax+8], 11h  ; offset 8 is tm_hour: 5pm (0x11 = 17)
.text:0040170F                 jnz     short loc_40174B
.text:00401711                 push    esi
.text:00401712                 mov     esi, dword_519438
.text:00401718                 xor     ecx, ecx
.text:0040171A                 test    esi, esi
.text:0040171C                 jz      short loc_401741
.text:0040171E                 mov     edi, edi

Comments

Keywords: anti-reverse








Retrieved from "https://www.aldeid.com/w/index.php?title=Check-given-daytime&oldid=30912"