I have a written an ETW provider which is used by my system to log opaque blobs of binary data using the TraceEvent API function. My system is essentially a high throughput event processing system and I want to be able to (cheaply) capture the serialised state of certain objects as they pass through the system. This will give me a replayablility feature so that at any time in the future I can replay an event trace and reproduce the exact sequence of events which brought about a particular state in the application.

我编写了一个 ETW 提供程序，我的系统使用它来使用 TraceEvent API 函数记录不透明的二进制数据 blob。我的系统本质上是一个高吞吐量的事件处理系统，我希望能够（便宜地）在某些对象通过系统时捕获它们的序列化状态。这将为我提供可重播性功能，以便在未来的任何时间我都可以重播事件跟踪并重现导致应用程序中特定状态的事件的确切顺序。

It is still in the early stages so at the moment my only control over the tracing is by using one of the tools such as logman or tracelog, which can create trace controllers to log the events to a trace file with an .etl extension. I know I could write a standalone controller which could consume the events in real time and write the events to file myself but I want to try to avoid that at this stage (call it laziness :)), but seriously why rewrite something that is already available?

它仍处于早期阶段，因此目前我对跟踪的唯一控制是使用 logman 或 tracelog 等工具之一，它们可以创建跟踪控制器以将事件记录到扩展名为 .etl 的跟踪文件中。我知道我可以编写一个独立的控制器，它可以实时使用事件并将事件写入自己的文件，但我想在这个阶段尽量避免这种情况（称之为懒惰:)），但认真地说，为什么要重写已经存在的东西可用的？

So, does anyone have any insight into the binary format of .etl files? I know something like tracedmp can read them and produce CSVs but that doesn't help with the binary portion. If I could read these files and parse out the blobs I have written then I would essentially have the replayability I am after, but I can't find anything on this file format.

那么，有没有人对 .etl 文件的二进制格式有任何了解？我知道像 tracedmp 这样的东西可以读取它们并生成 CSV，但这对二进制部分没有帮助。如果我可以读取这些文件并解析出我写的 blob，那么我基本上就会拥有我所追求的可重玩性，但是我在这种文件格式上找不到任何东西。

Thanks, Paul

谢谢，保罗