Hi,
I'm working on how to gt the boot time on Windows 7 and Windows 10 machines.
I'm succeeding to get it from WDI files (in c:\windows\system32\wdi\logfiles), using XPERF. But time to time, it's not possible. WDI files are corrupted, or some information are missing inside, and so on.
Then, I'm trying to get the boot time from event 100 in Microsoft-Windows-Diagnostics-Performance/Operational.
There are some fields which are very explicite, like boottime, mainpathboottime, bootstarttime or bootendtime.
But for others, I do not know exactly what they are.
Is there any official (Microsoft) description of all fields of the different events (mainly event 100, but I'm also interested by the others events 101, 102, 200, ...) of this journal (Microsoft-Windows-Diagnostics-Performance/Operational) ?
Also, I'm trying to find the correlation between the fields from event100 and the different subphases of the boot that I can see by XPERF in WDI files (PreSMSS, SMSSInit, WinlogonInit, ExplorerInit, PostExplorerPeriod, TraceTail)
Thanks a lot by advance