Where does windows 10 store "Boot Time"


  1. Posts : 54
    Windows 10 Pro
       #1

    Where does windows 10 store "Boot Time"


    Hi!

    If I type in cmd
    Code:
    systeminfo | find "Boot Time"
    It tells me the time when computer was rebooted. Where deos windows store this information? Any registry keys? I mean it can survive reboot so it must be stored somewhere else than RAM also.
      My Computer


  2. Posts : 18,034
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #2

    Hello @MakeW10Great,

    MakeW10Great said:
    If I type in cmd . . .
    Code:
    systeminfo | find "Boot Time"
    It tells me the time when computer was rebooted. Where does windows store this information? Any registry keys? I mean it can survive reboot so it must be stored somewhere else than RAM also.

    Have you seen this? => How to See Last BIOS Boot Time in Windows 10

    Just for information, if you wanted to find out the Timeout for the length of time that the Boot Menu shows for, then . . .

     MSConfig

    [1] Press the Win + R keys together to open the Run dialog box.
    [2] Type msconfig in the Run dialog box > Enter.
    [3] Click the Boot tab.

    Anyway, back to your question. Have a look at this . . .

    > How to See PC Startup And Shutdown History in Windows 10
    > Windows Boot History – To know the Computer starting & shutdown time

    I hope this helps.
      My Computer


  3. Posts : 17,086
    Windows 10 Home x64 Version 22H2 Build 19045.4894
       #3

    Event viewer
    Log - System
    Source - Kernel general
    EventID - 12

    Here's a zipped copy of an Event viewer, Custom view definition for it - Power - Restarts.zip
    - Unzip it then use the Import custom view item on the right-hand side of the Event viewer window.
    - During importation, you can choose any name you want for it. My name just reflects its position as one of a group of power-related Custom views I have.

    Denis
    Last edited by Try3; 25 Feb 2021 at 09:31.
      My Computer


  4. Posts : 1,807
    Windows 10 Pro 21H1 19043.1348
       #4

    MakeW10Great said:
    Hi!

    If I type in cmd
    Code:
    systeminfo | find "Boot Time"
    It tells me the time when computer was rebooted. Where deos windows store this information? Any registry keys? I mean it can survive reboot so it must be stored somewhere else than RAM also.


    Hi MakeW10Great. You could always use the Page File creation date/time.

    Code:
    dir /a:h c:\pagefile.sys

    Where does windows 10 store "Boot Time"-0225-page-file-creation-date.jpg
      My Computer


  5. Posts : 18,034
    Win 10 Pro 64-bit v1909 - Build 18363 Custom ISO Install
       #5

    Hello @MakeW10Great,

    I know this is for Win 7, but it will give you an idea => Boot Times - Monitor with Event Viewer

    I hope this helps.
      My Computer


  6. Posts : 3,300
    Win10
       #6

    To filter the startup times from System event log (where the startup times get logged; as descibed by Denis), you can also use the following command in powershell:

    Get-WinEvent -LogName system | Where { $_.Id -eq 12}
      My Computers


  7. Posts : 17,086
    Windows 10 Home x64 Version 22H2 Build 19045.4894
       #7

    The result can be obtained from the [very slow] systeminfo command or extracted from the EventViewer logs directly

    For a batch file based on the OP's original method, I suggest this
    Code:
    set UseExpresssion=cmd.exe /c "systeminfo.exe | find "Boot Time""
    For /F "tokens=* " %%X in (' %UseExpresssion% ') Do Set StartDTG=%%X
    Set StartDTG=%StartDTG:*          =%
    echo %StartDTG%
    Pause to check result

    For a Powershell script that directly queries the Event logs, I'd suggest this further development of das10's code because it returns just a single line result reporting when the computer was last started
    Code:
    Get-WinEvent -FilterHashtable @{
    LogName='System'
    ProviderName='Microsoft-Windows-Kernel-General'
    } | Where({ $_.Id -eq 12}) | Select-Object -First 1 | Format-List -Property TimeCreated
    Pause

    The PowerShell script is much quicker because it does not rely on the very slow systeminfo command.
    A batch file equivalent of this PS script would be based on the wevtutil command which was, for me, such a real pain to work with that I'd now always plump for PowerShell instead.
    wevtutil - SS64

    Denis
    Last edited by Try3; 25 Feb 2021 at 20:59.
      My Computer


  8. Posts : 54
    Windows 10 Pro
    Thread Starter
       #8

    Thanks for these additional sources. Will look into them later.

    I was interested where specifically systeminfo command finds Boot time.

    I found out it uses winmgmt service which seems to get it from C:\Windows\System32\wbem\Repository\OBJECTS.DATA.
    I found evidence in favor of this file because after I closed handle to this file in winmgmt service process systeminfo failed to respond.

    It seems that one way to get it is with query
    Code:
    SELECT LastBootUpTime FROM Win32_OperatingSystem
    Specification for that table seem to be here: https://docs.microsoft.com/en-us/win...peratingsystem

    I wonder if anyone has tryed to run UPDATE query on this table? Anything to keep in mind? How to (in what format) exactly specify this datetime in update query? Also does anyone know what causes it to be updated during shutdown? Any official way for that? Such as API call or something?
    Last edited by MakeW10Great; 26 Feb 2021 at 06:01.
      My Computer


  9. Posts : 1,254
    Windows 10 Pro
       #9

    Speaking as an amateur programmer.

    I believe the ultimate source of the boot time is memory in kernel address space and thus not directly accessible by applications. There is an undocumented API function to access this. At boot time this is written to various locations such as the event log and the WMI database. I don't believe that location has ever been officially documented.

    I am not that familiar with the WMI table mentioned but I assume the "datetime" field is the standard Windows datetime format. That is the number of tenths of a microsecond since 12:00:00 AM, Jan 1, 1601. This is a 64 bit value, least significant byte first. There are API functions to convert this to a more usable format. I believe this is in local time.

    Exactly what are you trying to accomplish?
      My Computer


  10. Posts : 3,300
    Win10
       #10

    As a sort of a reference point, I tried out the PS commands listed on this site (which deals with Renaming a Computer using Powershell to deal with WMI class objects)
    Rename Computer with WMI – CodeAndKeep.Com – Code and keep calm...

    However, and although I am no expert in powershell, the equivalent "Method" MemberType does not exist for "LastBootUpTime".
    The PS commands I tried were:
    Code:
    Get-WmiObject -Class Win32_OperatingSystem | Select LastBootUpTime
    to get the LastBootUpTime
    Code:
    Get-WmiObject -Class Win32_OperatingSystem | GM -MemberType Method
    to get the Mehods for the class, which showed:
    
    TypeName: System.Management.ManagementObject#root\cimv2\Win32_OperatingSystem
    
    Name                 MemberType Definition
    ----                 ---------- ----------
    Reboot               Method     System.Management.ManagementBaseObject Reboot()
    SetDateTime          Method     System.Management.ManagementBaseObject SetDateTime(System.String LocalDateTime)
    Shutdown             Method     System.Management.ManagementBaseObject Shutdown()
    Win32Shutdown        Method     System.Management.ManagementBaseObject Win32Shutdown(System.Int32 Flags, System.Int32 Reserved)
    Win32ShutdownTracker Method     System.Management.ManagementBaseObject Win32ShutdownTracker(System.UInt32 Timeout, System.String Comment, System.UInt32 ReasonCode, System.Int32 Flags)
    There is a "SetDateTime" Method in in the Win32_operatingSstem class but its "Definition" shows it can only be applied to the "LocalDateTime" item in that class (which it indeed does work).

    (These are a couple of WMI explorers I also tried to see if LastBootUpTime has a Method type which might enable changing the BootUp value - all this was academic, as I just wanted to see all the possibilities).
    Build queries and explore the windows WMI database with WMI Explorer - TechRepublic
    GitHub - vinaypamnani/wmie2
    Last edited by das10; 04 Mar 2021 at 12:21. Reason: corrections
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:21.
Find Us




Windows 10 Forums