Convert Unix Millisecond Time In Powershell To Troubleshoot With Process Monitor

Pavol Kutaj

·

Follow

1 min read

·

Feb 20, 2021

--

Listen

Share

the case

• the question is, what is the easiest way of mapping the exact moment of user action to the capture done in process monitor. During the capture
• screen-capture what the affected application is doing
• screen-capture the timestamps on Current Millis ‐ Milliseconds since Unix Epoch
• run procmon (screen-capture not required here)
• the ideal looks as follows

• when watching the capture → map the currentmillis with the timestamp of procmon
• to do this, convert the currentmillis into your local time (see the script below)
• the procmon dump does this automatically in case you have customers that are elsewhere

1. CODE

• write a function where you pass the UNIX epoch timestamp and you receive a format that can be mapped to events in procmon with if not millisecond to at least decimals

• calling that

▶ getMillis 1582019437368
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Datetime: 2020-02-18 09:50:37.368000
Clipping: 09:50:37.368000
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. sources

• Current Millis ‐ Milliseconds since Unix Epoch
• Powershell: Convert UNIX Timestamp to DateTimeMichls Tech Blog
• How do I filter procmon results on time-of-day? — Stack Overflow