Public Service Announcement: Daylight Saving Time ends in most parts of the United States this weekend.

Windows 98/98/Me recorded the date and time at which Setup was run in the registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion as a binary value named FirstInstallDateTime. What is the format of this data?

Take the binary value and treat it as a 32-bit little-endian value. The format of the value is basically DOS date/time format, except that the seconds are always 0 or 1 (usually 1), due to a programming error.

Exercise: What error would result in the seconds always being 0 or 1 (usually 1)?

Update: MrZebra guessed that the code did a logical OR instead of a bitwise OR:

wSeconds = actualSeconds || 0;

But it’s not clear why anybody would be writing actualSeconds | 0 in the first place.

Felix Kasza observed that the “seconds” field is the number of 2-second intervals, and guessed that somebody used the wrong arithmetic operator:

wSeconds = actualSeconds % 2; // should be "actualSeconds / 2"

That would explain why the value is always 0 or 1, but not why 1 predominates. The above mistake would result in the values 0 and 1 being used about evenly.

Falcon guessed that somebody wrote

wSeconds = actualSeconds && 0x3F; // should be "actualSeconds & 0x3F"

While this matches the “0 or 1, usually 1” results, it’s not clear why somebody would be taking the actual seconds and logical-AND’ing it with 0x3F in the first place. The actual seconds is already in the range 0 to 59. There’s no need to mask out the high bits; they are already zero.

Falcon tried again, and got the correct answer this time:

wSeconds = actualSeconds > 1; // should be "actualSeconds >> 1"

The code wanted to divide the number of seconds by 2 by using the right-shift operator, but forgetting to double the greater-than sign resulted in it being an arithmetic comparison, and the number of seconds is greater than one 96% of the time.