48b91400000080f7ffff48b8bd427ae5d594bfd6488b0948f7e148b8cdcccccccccccccc48c1ea1748f7e24c8bea49c1ed02

直接在windbg中把执行内存修改为上面这一串字节序列，运行完成后r13中将包含当前时间戳，可使用如下代码转换成人类可阅读时间格式

/*代码BEGIN*/
#include <windows.h>
#include <stdint.h>
#include <stdio.h>

int main()
{
        // Example adjusted time value
    uint64_t adjustedTime = 0x9f4ce6f4;

        // Reverse the operations to get the original time
        uint64_t time = adjustedTime * 5L * 10000000L;

        // Split the 64-bit time into high and low parts
        FILETIME fileTime;
        fileTime.dwLowDateTime = (DWORD)(time & 0xFFFFFFFF);
        fileTime.dwHighDateTime = (DWORD)(time >> 32);

        // Optionally, convert FILETIME back to SYSTEMTIME for readable time
        SYSTEMTIME systemTime;
        FileTimeToSystemTime(&fileTime, &systemTime);

        // Print the SYSTEMTIME
        printf("Year: %d\n", systemTime.wYear);
        printf("Month: %d\n", systemTime.wMonth);
        printf("Day: %d\n", systemTime.wDay);
        printf("Hour: %d\n", systemTime.wHour);
        printf("Minute: %d\n", systemTime.wMinute);
        printf("Second: %d\n", systemTime.wSecond);
        printf("Milliseconds: %d\n", systemTime.wMilliseconds);

        return 0;
  

}
/*代码END*/