How To Check Process Start Time in Windows?

One of the essential tasks to find out during application troubleshooting.

Did you ever wonder how to check for how long, particular process is running in Windows?

Lately, I was working on the Windows server and had to find out for how long the process is running.

After some research, I found you could easily find out process start time in Windows by using the Process Explorer tool.

This article will guide you on how to install & check process start time on Windows operating system.

• Download Process Explorer from Microsoft download page
• Extract the downloaded zip file

Now, you are ready to use Process Explorer

• Double click on procexp to open it, it will look like below

• Click on View >> Select Columns
• Click on Process Performance tab and select Start Time
• Click on Ok

• You will notice an additional column is added called Start Time in Process Explorer.

I hope this helps you with your application troubleshooting procedure. If you are looking to learn Windows server administration, then check out this Udemy course.

How to See PC Startup And Shutdown History in Windows 10

There are times when a user wants to know the startup and shutdown history of a computer. Mostly, system administrators need to know about the history for troubleshooting purposes. If multiple people use the computer, it may be a good security measure to check PC startup and shutdown times to make sure the PC is being used legitimately. In this article we will discuss two ways to keep track of your PC shutdown and startup times.

Using event logs to extract startup and shutdown times

Windows Event Viewer is a wonderful tool which saves all kinds of stuff that is happening in the computer. During each event, the event viewer logs an entry. The event viewer is handled by eventlog service that cannot be stopped or disabled manually, as it is a Windows core service. The event viewer also logs the start and stop times of the eventlog service. We can make use of those times to get an idea of when our computer was started or shut down.

The eventlog service events are logged with two event codes. The event ID 6005 indicates that the eventlog service was started, and the event ID 6009 indicates that the eventlog services were stopped. Let’s go through the complete process of extracting this information from the event viewer.

1. Open Event Viewer (press Win + R and type eventvwr ).

2. In the left pane, open Windows Logs -> System.

3. In the middle pane you will get a list of events that occurred while Windows was running. Our concern is to see only three events. Let’s first sort the event log with Event ID. Click on the Event ID label to sort the data with respect to the Event ID column.

4. If your event log is huge, then the sorting will not work. You can also create a filter from the actions pane on the right side. Just click on “Filter current log.”

5. Type 6005, 6006 in the Event IDs field labeled as . You can also specify the time period under Logged.

• Event ID 6005 will be labeled as “The event log service was started.” This is synonymous with system startup.
• Event ID 6006 will be labeled as “The event log service was stopped.” This is synonymous with system shutdown.

If you want to investigate the Event log further, you can go through the Event ID 6013 which will display the uptime of the computer, and Event ID 6009 indicates the processor information detected during boot time. Event ID 6008 will let you know that the system started after it was not shut down properly.

Using TurnedOnTimesView

TurnedOnTimesView is a simple, portable tool for analyzing the event log for startup and shutdown times. The utility can be used to view the list of shutdown and startup times of local computers or any remote computer connected to the network. Since it is a portable tool, you will only need to unzip and execute the TurnedOnTimesView.exe file. It will immediately list the startup time, shutdown time, duration of uptime between each startup and shutdown, shutdown reason and shutdown code.

Shutdown reason is usually associated with Windows Server machines where we have to give a reason if we are shutting down the server.

To view the startup and shutdown times of a remote computer, go to “Options -> Advanced Options” and select “Data source as Remote Computer.” Specify the IP address or name of the computer in the Computer Name field and Press the OK button. Now the list will show the details of the remote computer.

While you can always use the event viewer for detailed analysis of startup and shutdown times, TurnedOnTimesView serves the purpose with a very simple interface and to-the-point data. For what purpose do you monitor the startup and shutdown times of your computer? Which method do you prefer for monitoring?

Content Manager at Make Tech Easier. Enjoys Android, Windows, and tinkering with retro console emulation to breaking point.

The Core Technologies Blog

Our Software // Windows Services // 24×7 Operation

When did my Windows Service Start?

Here are four ways to determine when your windows service last started.

Solution #1: Search the Windows Event Logs with PowerShell

The Windows Event Logs hold a wealth of information about your computer’s activities. Indeed, a new record is added to the System event log whenever a windows service starts or stops.

The easiest way to find your service’s most recent start time is to use a specially crafted PowerShell command to search the System event log. For example, the following line will return the last time the “Print Spooler” service was started:

(Get-EventLog -LogName «System» -Source «Service Control Manager» -EntryType «Information» -Message «*Print Spooler service*running*» -Newest 1).TimeGenerated

Be sure to replace «Print Spooler» with the display name of the service you are investigating!

Solution #2: Search the Windows Event Logs using the Event Viewer

Instead of running a PowerShell command, you can also search the Event Log manually.

To find the event log record showing when your service was last started:

Open the Event Viewer from the Control Panel (search for it by name).

In the left-hand column, navigate to Windows Logs > System:

Click Find… on the right to bring up the Find window. Enter the name of the service and click the Find Next button to highlight the first matching record in the middle panel. We have entered Spooler, for the Windows Spooler service:

If necessary, keep clicking the Find Next button until a record saying that your service has “entered the running state” comes up. The Source should be Service Control Manager, and the time your service started will be displayed in the Logged value. The screenshot show that the Print Spooler service last started at 8:04:55 AM on January 7th 2017:

Solution #3: Figure out when the Service’s Process was Started

Each running windows service is backed by an underlying process. 99.9% of the time, that process was launched immediately when the service started. So finding the process start time will give us the service start time.

To find out when the service’s process was started:

Determine the process identifier (PID) of the service’s process using the SC command. For a service named MyService, run:

(Be sure to enclose the service name in quotes if it contains spaces.)

Here is the result for the Spooler service:

Make a note of the number on the PID line (1276 in the screenshot above).

Get-Process | select name, id, starttime | select-string

is the process identifier from step 1. The start time will come back in the result. Here is what we got for the spooler’s process (#1276):

Solution #4: Use the System Boot/Up Time (for Automatic Windows Services)

Most Windows Services start when your computer boots and run continuously, 24×7 in the background. For those services, the system boot time is a reasonable approximate.

You can run the built-in systeminfo command to discover when the system last started. Amongst the valuable information systeminfo returns, look for the “System Boot Time” line:

However, if you’re ever in a situation where you can’t remember the command to use, know that the Task Manager’s Performance tab shows how long the computer has been up (“Up time”). The system boot time is a simple calculation away.

So there are four easy ways to find out when your windows service started. Use whichever one best fits your situation. Good luck with your troubleshooting/investigation!

Java code to get service start time

Can anyone help me Java code to get Windows Service start time. Like how we get using Process Explorer.

Screenshots for enabling the service start time using Process Explorer

2 Answers 2

This is highly Windows-specific, so there is nothing built in to Java or its libraries for this. One possible approach is to use two external commands, sc and wmic to extract this information.

Use sc to get the process ID of the service you’re interested in, for example for service W32Time:

Parse out the PID value (1072) and then do

Buried in that mess is the CreationDate field (value 20160709170336.990827-420 ) which is what you want. The -420 appears to be a timezone offset in minutes.

You can implement a class that is able to run Windows command to query the Windows logs. This can be done in this fashion:

Using wmic you’ll be able to find the start time you want as stated above.

Unfortunately the sc won’t be able to provide you with this kind of information. Another way (not sure if it would work though) is to query the window’s event viewer for the logged event of a service starting (I think it’s eventId is 902). After getting the information you can parse the string to find information regarding the service you’re interested.

One word of warning though. If you’re planning to deploy your app on older Windows installation be careful as old Windows installations (XP etc. etc.) may not always contain a valid WMIC installation, meaning that the command would not be available.

How can I get the Windows system time with millisecond resolution?

How can I get the Windows system time with millisecond resolution?

If the above is not possible, then how can I get the operating system start time? I would like to use this value together with timeGetTime() in order to compute a system time with millisecond resolution.

Thank you in advance.

10 Answers 10

GetTickCount will not get it done for you.

Look into QueryPerformanceFrequency / QueryPerformanceCounter . The only gotcha here is CPU scaling though, so do your research.

Try this article from MSDN Magazine. It’s actually quite complicated.

This is an elaboration of the above comments to explain the some of the whys.

First, the GetSystemTime* calls are the only Win32 APIs providing the system’s time. This time has a fairly coarse granularity, as most applications do not need the overhead required to maintain a higher resolution. Time is (likely) stored internally as a 64-bit count of milliseconds. Calling timeGetTime gets the low order 32 bits. Calling GetSystemTime, etc requests Windows to return this millisecond time, after converting into days, etc and including the system start time.

There are two time sources in a machine: the CPU’s clock and an on-board clock (e.g., real-time clock (RTC), Programmable Interval Timers (PIT), and High Precision Event Timer (HPET)). The first has a resolution of around

0.5ns (2GHz) and the second is generally programmable down to a period of 1ms (though newer chips (HPET) have higher resolution). Windows uses these periodic ticks to perform certain operations, including updating the system time.

Applications can change this period via timerBeginPeriod; however, this affects the entire system. The OS will check / update regular events at the requested frequency. Under low CPU loads / frequencies, there are idle periods for power savings. At high frequencies, there isn’t time to put the processor into low power states. See Timer Resolution for further details. Finally, each tick has some overhead and increasing the frequency consumes more CPU cycles.