Microsoft (R) TraceFmt.Exe (10.0.19041.1)
Microsoft Corporation. All rights reserved.
Tracefmt formats the messages in trace logs (.etl files) and creates a text
file of the formatted trace messages. You can specify a TMF file with the
formatting instructions for WPP events, or you can specify an image file and
Tracefmt finds the private PDB file for that image and reads the formatting
instructions from the PDB file.
Usage:
tracefmt [<EtlFiles...>] | -rt [<SessionName>]
Parameters:
<EtlFiles...> - Format a ETW trace file (.etl). Can specify multiple files
separated by spaces.
-rt <SessionName> - Format messages from the named real-time trace session.
Default session name="NT Kernel Logger".
-tmf <TMFFiles> - Trace message format file. Default="Default.tmf".
-i <ImageFiles> - Finds PDBs for the images and creates TMFs.
Separate images with ';'.
-r <SymbolPath> - Path to private PDB symbol files. Default is
"%_NT_SYMBOL_PATH%" (if defined) or
srv*\\symbols\symbols otherwise.
-p <TmfPath> - TMF file directory. Without -i, it's an existing directory.
With -i, it's the path for the TMF that tracefmt creates.
-pdb <PdbPath> - Path to one more more PDB files. Multiple files should be
seperated by ';'.
-manpath <Path> - Path to one or more manifest repository folders. Manifests
will be automatically loaded from these folders as needed.
Multiple folders should be separated by ';'. The files in
the folder must be named GUID.man, using the provider's
decode GUID with no '{', '}', or '-' characters. (Use the
traceman tool to import manifests into the repository.)
-man ManFile - Path to an XML manifest from which to load decoding data
for manifest-based ETW events (TdhLoadManifest).
-bin DllFile - Path to a DLL file from which to load decoding data for
manifest-based ETW events (TdhLoadManifestFromBinary).
-h | /? - Displays help.
Options:
-o - Output file name, e.g. "FormattedData.txt".
-csv - Output in CSV format.
-csvheader - Adds columns headings to CSV file.
-hires - High resolution timestamp.
-utc | -gmt - Do not convert UTC timestamps to local time.
(Affects timestamps in event header and event content.)
-timeZoneSuffix - Include a suffix on timestamps with a known time zone.
-sortableTime - Use "yyyy-mm-ddThh:mm:ss" format for time stamps.
-noFileTimeUtc - Treat event content FILETIME values as having an unknown
time zone. (Default assumes FILETIME is always UTC.)
-display - Print formatted traces messages to console and output file.
-displayonly - Print formatted traces messages only to console (no output
file).
-nosummary - Suppress summary file.
-summaryonly - Suppress output file.
-noprefix - Omit the trace message prefix.
-ods - Send trace messages to the OutputDebugString.
-trace - Print tracefmt actions to the console as they occur.
-v - Verbose console output.
-cp <codepage> - Generated text files should use the specified encoding.
Valid codepage names include "utf8", "utf16", "ansi".
Default is the current ANSI code page.
-skipNoFormat - Filter out events without format strings.
-skipTmfWpp - Filter out TMF-based WPP events.
-preferJson - When possible, decode events as JSON.
TMF-based WPP will still decode as text.
-jsonMeta <flags> - Control which values to include in the JSON "meta" suffix.
Default is 0xff3f. Set to 0 to disable the "meta" suffix.
Values will often be omitted from suffix if zero or null.
Flags (in hex): provider=1, event=2, time=4, cpu=8,
pid=10, tid=20, id=40, version=80, channel=100, level=200,
opcode=400, task=800, keywords=1000, tags=2000,
activity=4000, relatedActivity=8000, ktime=10000,
utime=20000, ptime=40000, attribs=80000.
Default values:
<EtlFile> C:\Logfile.Etl
<SessionName> "NT Kernel Logger"
<OutputFile> FmtFile.txt (local directory)
<Summary file> FmtFile.sum (local directory)
<TMFFile> default.tmf (local directory)
<Prefix> "[%9!d!]%8!04X!.%3!04X!::%4!s! [%1!s!]"
<SymbolPath> %_NT_SYMBOL_PATH% or srv*\\symbols\symbols
Change Prefix by setting the TRACE_FORMAT_PREFIX environment variable.
If neither -tmf nor -p are specified, tracefmt uses the value of the
%TRACE_FORMAT_SEARCH_PATH% environment variable.