有没有办法检测系统时钟是否已在 Windows 中向后更改? [英] Is there a way to detect if the system clock has been changed backwards in windows?

问题描述

在 Windows 机器上，有没有办法在不持续监视 WM_TIMECHANGE 消息的情况下找出时间是否已向后更改?

On a windows machine, is there a way to find out if the time has been changed backwards without continually monitoring for WM_TIMECHANGE messages?

例如，我想让我的应用程序在启动时做的第一件事是查看自我上次运行应用程序以来的时间是否已更改回来.

For example, I would like to make the first thing my application does on startup is see if the time has been changed back since I last run the application.

据我所知，查看更改的唯一方法是查看 WM_TIMECHANGE 消息，但只有在我的应用程序正在运行时才能看到.

As far as I can tell, the only way to see a change is to look at the WM_TIMECHANGE message, but I will only see that if my application is running.

推荐答案

是的.您可以阅读 Windows 事件日志 并查找系统时间的更改.(系统时间更改是自动记录的系统事件之一.)例如，我只是将系统时间调整了几秒钟，系统事件日志中出现以下内容:

Yes. You can read the Windows Event Logs and look for changes to system time. (System time changes are one of the system events that are automatically logged.) For example, I just tweaked my system time by a few seconds and the following appeared in the System Event log:

信息 10/21/2011 11:16:26 AM 内核通用 1 无

Information 10/21/2011 11:16:26 AM Kernel-General 1 None

系统时间已更改为 2011 - 10 - 21T16:16:26.000000000Z来自 2011 - 10 - 21T16:16:26.000000000Z.

The system time has changed to ‎2011‎-‎10‎-‎21T16:16:26.000000000Z from ‎2011‎-‎10‎-‎21T16:16:26.000000000Z.

您可以使用 Win32 API 访问事件日志 然后查询这些事件以确定时间是否确实改变了.此解决方案的优点在于它是内置的并且始终运行.无需通过自定义服务等监控事件.您只需查询操作系统的数据.

You can use the Win32 API to get access to the event logs then query for these events to determine if the time was indeed altered. What's great about this solution is that it's built-in and always running. No need to monitor events via a custom service etc. You just query the OS's data.

这仍然不是一个万无一失的解决方案，因为拥有管理员权限的人可以随意设置、清除日志等.但您肯定会对您的应用程序进行外行证明.系统事件日志不是普通 Windows 用户考虑的事情.

This is still not a bullet-proof solution since people with admin rights can chance settings, clear logs etc. But you would definitely layperson-proof your app. System event logs are not something regular Windows users think about.

该特定事件的 XML:(为了隐私和安全而去标识化)

The XML for that particular event: (de-identified for privacy & security)

  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Microsoft-Windows-Kernel-General" 
        Guid="{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}" /> 
  <EventID>1</EventID> 
  <Version>0</Version> 
  <Level>4</Level> 
  <Task>0</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x8000000000000010</Keywords> 
  <TimeCreated SystemTime="2011-10-21T16:16:26.001000000Z" /> 
  <EventRecordID>138478</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="40044" ThreadID="50016" /> 
  <Channel>System</Channel> 
  <Computer>xxxxx.xxxxxxxxx.org</Computer> 
  <Security UserID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" /> 
  </System>
  <EventData>
  <Data Name="NewTime">2011-10-21T16:16:26.000000000Z</Data> 
  <Data Name="OldTime">2011-10-21T16:16:26.000000000Z</Data> 
  </EventData>
  </Event>

这篇关于有没有办法检测系统时钟是否已在 Windows 中向后更改?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！