tracerpt.exe
- File Path:
C:\windows\SysWOW64\tracerpt.exe - Description: Event Trace Report Tool
Hashes
| Type | Hash |
|---|---|
| MD5 | C1A8175D03884045F1D266D3D8B902DC |
| SHA1 | 2127A270AD7F03D63E84972D8DD566D9F73BA481 |
| SHA256 | 6FE97C56D75DBB59CEB78D88BEE42E0667FA28126A2063B6098A24DC5FBE95E6 |
| SHA384 | F2022A45BBFBEBB31D15F0984C99ED5E63A69CCC341F533F7A98AC1B71EABDD6AB7768C793625D790A01E0F5A987C379 |
| SHA512 | 08D8E6883832C4EFFA4ECE8A6B0AA1E1179EBC6D044A3FB927C3744B6B66D478E2191776086917900E79BD247762F643AB3FBACD2C4D37FBC6DD27147762D837 |
| SSDEEP | 6144:uKPD2R+7vYI1M88iM8U5qWgkzpTz+6HiViTtEtJF6WEqQGGp:BD25I1Mie0XkNTq6CViTtEtJFxQGGp |
Signature
- Status: The file C:\windows\SysWOW64\tracerpt.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
- Serial: ``
- Thumbprint: ``
- Issuer:
- Subject:
File Metadata
- Original Filename: TraceRpt.Exe.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
- Product Version: 6.3.9600.16384
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
tracerpt
The tracerpt command parses Event Trace Logs, log files generated by Performance Monitor, and real-time Event Trace providers. It also generates dump files, report files, and report schemas.
Syntax
tracerpt <[-l] <value [value [...]]>|-rt <session_name [session_name [...]]>> [options]
Parameters
| Parameters | Description |
|---|---|
-config <filename> |
Specifies which settings file to load, which includes your command options. |
| -y | Specifies to answer yes to all questions, without prompting. |
-f <XML | HTML> |
Specifies the report file format. |
-of <CSV | EVTX | XML> |
Specifies the dump file format. The default is *XML. |
-df <filename> |
Specifies to create a Microsoft-specific counting/reporting schema file. |
-int <filename> |
Specifies to dump the interpreted event structure to the specified file. |
| -rts | Specifies to add the report raw timestamp in the event trace header. Can only be used with -o. It’s not supported with -report or -summary. |
-tmf <filename> |
Specifies which Trace Message Format definition file to use. |
-tp <value> |
Specifies the TMF file search path. Multiple paths may be used, separated by a semicolon (;). |
-i <value> |
Specifies the provider image path. The matching PDB will be located in the Symbol Server. Multiple paths can be used, separated by a semicolon (;). |
-pdb <value> |
Specifies the symbol server path. Multiple paths can be used, separated by a semicolon (;). |
| -gmt | Specifies to convert WPP payload timestamps to Greenwich Mean Time. |
-rl <value> |
Specifies the System Report Level from 1 to 5. Default is 1. |
| -summary [filename] | Specifies to create a summary report text file. The filename, if not specified, is summary.txt. |
| -o [filename] | Specifies to create a text output file. The filename, if not specified, is dumpfile.xml. |
| -report [filename] | Specifies to create a text output report file. The filename, if not specified, is workload.xml. |
| -lr | Specifies to be less restrictive. This uses best efforts for events that don’t match the events schema. |
| -export [filename] | Specifies to create an Event Schema export file. The filename, if not specified, is schema.man. |
[-l] <value [value […]]> |
Specifies the Event Trace log file to process. |
-rt <session_name [session_name […]]> |
Specifies the Real-time Event Trace Session data sources. |
| -? | Displays help at the command prompt. |
Examples
To create a report based on the two event logs logfile1.etl and logfile2.etl, and to create the dump file logdump.xml in XML format, type:
tracerpt logfile1.etl logfile2.etl -o logdump.xml -of XML
To create a report based on the event log logfile.etl, to create the dump file logdmp.xml in XML format, to use best efforts to identify events not in the schema, and to produce a summary report file logdump.txt and a report file, logrpt.xml, type:
tracerpt logfile.etl -o logdmp.xml -of XML -lr -summary logdmp.txt -report logrpt.xml
To use the two event logs logfile1.etl and logfile2.etl to produce a dump file, and to report file with the default filenames, type:
tracerpt logfile1.etl logfile2.etl -o -report
To use the event log logfile.etl and the performance log counterfile.blg to produce the report file logrpt.xml and the Microsoft-specific XML schema file schema.xml, type:
tracerpt logfile.etl counterfile.blg -report logrpt.xml -df schema.xml
To read the real-time Event Trace Session NT Kernel Logger and to produce the dump file logfile.csv in CSV format, type:
tracerpt -rt NT Kernel Logger -o logfile.csv -of CSV
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.