|Informative Information for the Uninformed
Next: Calculating Viable Opcode Windows Up: Locating Temporal Addresses Previous: InterruptTime   Contents
The SystemTime attribute is by far the most useful attribute when it comes to its temporal address qualities. The attribute itself is a 100 nanosecond timer that is measured from Jan. 1, 1601 which is stored as a _KSYSTEM_TIME structure like the InterruptTime attribute7.2. This means that it has an update period of 100 nanoseconds and has a scale that measures from Jan. 1, 1601. The scale is also measured relative to the timezone that the machine is using (with the exclusion of daylight savings time). If an attacker is able to obtain information about the system time on a target machine, it may be possible to make use of the SystemTime attribute as a valid temporal address for exploitation purposes.
This attribute is located at 0x7ffe0014 on all versions of