The Official Radare2 Book | страница 28

Currently supported timestamp output modes are:

[0x00404888]> pt?

|Usage: pt [dn] print timestamps

| pt. print current time

| pt print UNIX time (32 bit `cfg.bigendian`) Since January 1, 1970

| ptd print DOS time (32 bit `cfg.bigendian`) Since January 1, 1980

| pth print HFS time (32 bit `cfg.bigendian`) Since January 1, 1904

| ptn print NTFS time (64 bit `cfg.bigendian`) Since January 1, 1601

For example, you can 'view' the current buffer as timestamps in the ntfs time:

[0x08048000]> e cfg.bigendian = false

[0x08048000]> pt 4

29:04:32948 23:12:36 +0000

[0x08048000]> e cfg.bigendian = true

[0x08048000]> pt 4

20:05:13001 09:29:21 +0000

As you can see, the endianness affects the result. Once you have printed a timestamp, you can grep the output, for example, by year:

[0x08048000]> pt ~1974 | wc -l

15

[0x08048000]> pt ~2022

27:04:2022 16:15:43 +0000

The default date format can be configured using the cfg.datefmt variable. Formatting rules for it follow the well known strftime(3) format. Check the manpage for more details, but these are the most important:

%a The abbreviated name of the day of the week according to the current locale.

%A The full name of the day of the week according to the current locale.

%d The day of the month as a decimal number (range 01 to 31).

%D Equivalent to %m/%d/%y. (Yecch—for Americans only).

%H The hour as a decimal number using a 24-hour clock (range 00 to 23).

%I The hour as a decimal number using a 12-hour clock (range 01 to 12).

%m The month as a decimal number (range 01 to 12).

%M The minute as a decimal number (range 00 to 59).

%p Either "AM" or "PM" according to the given time value.

%s The number of seconds since the Epoch, 1970-01-01 00:00:00 +0000 (UTC). (TZ)