tracerpt

Event Trace Report Tool

C:\Windows\system32\tracerpt.exe /?

Output:


Microsoft r TraceRpt.Exe (10.0.19041.1741)

Usage:
  C:\Windows\system32\tracerpt.exe <[-l] <value [value [...]]>|-rt <session_name [session_name [...]]>> [options]

Options:
  -?                            Displays context sensitive help.
  -config <filename>            Settings file containing command options.
  -y                            Answer yes to all questions without prompting.
  -f <XML|HTML>                 Report format.
  -of <CSV|EVTX|XML>            Dump format, the default is XML.
  -en <ANSI|Unicode>            Output file encoding. Only allowed with CSV
                                output format.
  -df <filename>                Microsoft specific counting/reporting schema
                                file.
  -import <filename [filename [...]]> Event Schema import file.
  -int <filename>               Dump interpreted event structure into
                                specified file.
  -rts                          Report raw timestamp in event trace header. 
                                Can only be used with -o, not -report or
                                -summary.
  -tmf <filename>               Trace Message Format definition file
  -tp <value>                   TMF file search path.  Multiple paths can be
                                used, separated with ';'.
  -i <value>                    Specifies the provider image path.  The
                                matching PDB will be located in the Symbol
                                Server. Multiple paths can be used, separated
                                with ';'.
  -pdb <value>                  Specifies the symbol server path.  Multiple
                                paths can be used, separated with ';'.
  -gmt                          Convert WPP payload timestamps to GMT time
  -rl <value>                   System Report Level from 1 to 5, the default
                                value is 1.
  -summary [filename]           Summary report text file. Default is
                                summary.txt.
  -o [filename]                 Text output file. Default is dumpfile.xml.
  -report [filename]            Text output report file. Default is
                                workload.xml.
  -lr                           Less restrictive; use best effort for events
                                not matching event schema.
  -export [filename]            Event Schema export file. Default is
                                schema.man.
  [-l] <value [value [...]]>    Event Trace log file to process.
  -rt <session_name [session_name [...]]> Real-time Event Trace Session data
                                source.

Examples:
  tracerpt logfile1.etl logfile2.etl -o logdump.xml -of XML
  tracerpt logfile.etl -o logdmp.xml -of XML -lr -summary logdmp.txt -report logrpt.xml
  tracerpt logfile1.etl logfile2.etl -o -report
  tracerpt logfile.etl counterfile.blg -report logrpt.xml -df schema.xml
  tracerpt -rt "NT Kernel Logger" -o logfile.csv -of CSV

Return Code: 1

C:\Windows\system32\tracerpt.exe

c:\>ver
Microsoft Windows [Version 10.0.19045.2075]

File	Info
File Size	463360bytes
Creation Time	2022/07/08 08:48:55
LastWrite Time	2022/07/08 08:48:55
ProductVersion	10.0.19041.1
FileVersion	10.0.19041.1 (WinBuild.160101.0800)

Hash	Value
MD5	a29a93d4fec75038326c3c67c370dac5
SHA1	ddefa891c96e6cae7fa633f67eb12cee166e8a18
SHA224	8bb6611a6d667cb267fba0b5ff9705fec754d0375a0602cc53d0e095
SHA256	1a293579085a7fc68bb095ab64cac453d1844ae99f69f884fc5749c07bb49ff9
SHA384	acf8da875920adb9017c5ade99382ff32ed81a9529c3f89f30ef9a82c9bfd7edaf64689352aa2d30c8c8f5a93e260f7c
SHA512	360ae94926ee2c41ffbaa247ffd8ffa2d48629954b5a5b3824b0346847f7d453f262cc7dd7fa14b2714c189f1f04b3630c1bc54c20be11c34ece3211d3c1147b