No, the right DateTime format is the number of nanoseconds since 01/01/1960 (Special microsoft DateTime format)
What I find strange that I see nothing the ZWT Keygen for Windows 7 and in the KMService.exe for Office 2010 about using a DateTime. However I found these functions in sppsvc.exe from Windows 8: Code: signed int __userpurge sub_48743C<eax>(wchar_t *a1<esi>, int lpFileTime) { signed int result; // eax@4 struct _SYSTEMTIME SystemTime; // [sp+4h] [bp-14h]@3 unsigned int v4; // [sp+14h] [bp-4h]@1 int v5; // [sp+18h] [bp+0h]@1 v4 = (unsigned int)&v5 ^ __security_cookie; if ( !*(_DWORD *)(lpFileTime + 4) && !*(_DWORD *)lpFileTime || !FileTimeToSystemTime((const FILETIME *)lpFileTime, &SystemTime) || (result = sub_47C6CE(a1, 0x104u, L"%4d/%02d/%02d", SystemTime.wYear, SystemTime.wMonth, SystemTime.wDay), result < 0) ) { result = sub_47C6CE(a1, 0x104u, L"0000/00/000"); if ( result < 0 ) { result = 0; *a1 = 0; } } return result; } Code: signed int __stdcall sub_68380D(unsigned int a1, int a2, SYSTEMTIME *a3) { int v3; // ebx@1 wchar_t v4; // ax@11 __int16 v5; // cx@13 unsigned __int16 v6; // dx@16 unsigned __int16 v7; // dx@18 int v8; // esi@20 DWORD v9; // eax@25 SYSTEMTIME *v10; // edi@33 struct _FILETIME FileTime; // [sp+Ch] [bp-3Ch]@24 SYSTEMTIME *lpSystemTime; // [sp+14h] [bp-34h]@1 __int64 v14; // [sp+18h] [bp-30h]@27 int v15; // [sp+20h] [bp-28h]@12 __int64 v16; // [sp+24h] [bp-24h]@28 struct _SYSTEMTIME SystemTime; // [sp+2Ch] [bp-1Ch]@24 wchar_t Str; // [sp+3Ch] [bp-Ch]@20 __int16 v19; // [sp+3Eh] [bp-Ah]@20 __int16 v20; // [sp+40h] [bp-8h]@20 unsigned int v21; // [sp+44h] [bp-4h]@1 int v22; // [sp+48h] [bp+0h]@1 v21 = (unsigned int)&v22 ^ __security_cookie; v3 = 0; lpSystemTime = a3; if ( !a2 || !a3 ) return -2147024809; if ( a1 ) { if ( *(_WORD *)a2 == 43 || *(_WORD *)a2 == 45 ) { if ( a1 != 6 || (v4 = *(_WORD *)(a2 + 2), v4 < 0x30u) || (v15 = 57, v4 > 0x39u) || (v5 = *(_WORD *)(a2 + 4), (unsigned __int16)v5 < 0x30u) || (unsigned __int16)v5 > 0x39u || *(_WORD *)(a2 + 6) != 58 || (v6 = *(_WORD *)(a2 + 8), v6 < 0x30u) || v6 > (unsigned __int16)v15 || (v7 = *(_WORD *)(a2 + 10), v7 < 0x30u) || v7 > 0x39u || (Str = v4, v20 = 0, v19 = v5, v15 = wtoi(&Str), Str = *(_WORD *)(a2 + 8), v19 = *(_WORD *)(a2 + 10), v8 = wtoi(&Str), (unsigned int)v15 > 0xE) || (unsigned int)v8 > 0x3B || v15 == 14 && v8 ) return -2147181022; GetLocalTime(&SystemTime); *(_DWORD *)&SystemTime.wHour = 0; *(_DWORD *)&SystemTime.wSecond = 0; if ( SystemTimeToFileTime(&SystemTime, &FileTime) && (SystemTime.wHour = v15, SystemTime.wMinute = v8, SystemTimeToFileTime(&SystemTime, (LPFILETIME)&v14)) && (v14 -= *(_QWORD *)&FileTime, SystemTimeToFileTime(lpSystemTime, (LPFILETIME)&v16)) && (*(_WORD *)a2 != 43 ? (v16 -= v14) : (v16 += v14), FileTimeToSystemTime((const FILETIME *)&v16, &SystemTime)) ) { v10 = lpSystemTime; *(_DWORD *)&lpSystemTime->wYear = *(_DWORD *)&SystemTime; v10 = (SYSTEMTIME *)((char *)v10 + 4); *(_DWORD *)&v10->wYear = *(_DWORD *)&SystemTime.wDayOfWeek; v10 = (SYSTEMTIME *)((char *)v10 + 4); *(_DWORD *)&v10->wYear = *(_DWORD *)&SystemTime.wHour; *(_DWORD *)&v10->wDayOfWeek = *(_DWORD *)&SystemTime.wSecond; } else { v9 = GetLastError(); v3 = v9; if ( (signed int)v9 > 0 ) v3 = (unsigned __int16)v9 | 0x80070000; } } else { if ( *(_WORD *)a2 != 90 && *(_WORD *)a2 != 122 || a1 > 1 ) return -2147181022; } } return v3; } Code: int __stdcall sub_4CBCFC(int a1, const SYSTEMTIME *lpSystemTime, int a3) { int v3; // esi@1 int v4; // eax@2 int v5; // ecx@4 struct _FILETIME FileTime; // [sp+4h] [bp-8h]@1 v3 = 0; if ( SystemTimeToFileTime(lpSystemTime, &FileTime) ) { if ( CompareFileTime(&FileTime, (const FILETIME *)(**(_DWORD **)(a1 + 4) + 32)) < 0 ) { v5 = **(_DWORD **)(a1 + 4); *(_DWORD *)(v5 + 32) = FileTime.dwLowDateTime; *(_DWORD *)(v5 + 36) = FileTime.dwHighDateTime; } } else { v4 = GetLastError(); v3 = sub_45C459(v4); sub_45C823(v3); } sub_45C8A3(v3); return v3; } Code: DWORD __cdecl sub_57EAA5() { DWORD result; // eax@3 DWORD v1; // ecx@4 LARGE_INTEGER PerformanceCount; // [sp+8h] [bp-14h]@4 struct _FILETIME SystemTimeAsFileTime; // [sp+10h] [bp-Ch]@1 DWORD v4; // [sp+18h] [bp-4h]@4 SystemTimeAsFileTime.dwLowDateTime = 0; SystemTimeAsFileTime.dwHighDateTime = 0; if ( __security_cookie != -1153374642 && __security_cookie & 0xFFFF0000 ) { result = ~__security_cookie; dword_77AE44 = ~__security_cookie; } else { GetSystemTimeAsFileTime(&SystemTimeAsFileTime); v4 = SystemTimeAsFileTime.dwLowDateTime ^ SystemTimeAsFileTime.dwHighDateTime; v4 = GetCurrentProcessId() ^ SystemTimeAsFileTime.dwLowDateTime ^ SystemTimeAsFileTime.dwHighDateTime; v4 ^= GetCurrentThreadId(); v4 ^= (unsigned int)&v4 ^ GetTickCount(); QueryPerformanceCounter(&PerformanceCount); result = PerformanceCount.LowPart ^ PerformanceCount.HighPart; v1 = PerformanceCount.LowPart ^ PerformanceCount.HighPart ^ v4; if ( v1 == -1153374642 || !(__security_cookie & 0xFFFF0000) ) v1 = -1153374641; __security_cookie = v1; dword_77AE44 = ~v1; } return result; } Use the function FileTimeToSystemTime to express time as the number of nanoseconds that have elapsed since January 1, 1601. The function writes the result to a FILETIME type and converts it to a human-readable SYSTEMTIME type. Note that this function accepts both types as pointers: BOOL WINAPI FileTimeToSystemTime( __in const FILETIME* pFT, __out SYSTEMTIME* pST );
In ZWT, DateTime is used like this: It receive the client request and extract datetime (endian format) from the request. ex: 16A1D138F886CD01 -> 01CD86F838D1A116 Then, it add it to the response stream and begin to compute the hash for it ...
@CODYQX4 I know I gave you this before. However since nobody is supplying you with any source for the RPC calls, I have given you that link back. Maybe you should rip out from that source what ever you need to code for yourself the RPC calls.
RPC with IDL is designed only to work with C or C++. I would write com object stubs in c/c++ and then call then from .net.