I have written an ETW provider which is used by my system to log opaque blobs of binary data using the TraceEvent API function. My system is essentially a high throughput event processing system and I want to be able to (cheaply) capture the serialised state of certain objects as they pass through the system. This will give me a replayability feature so that at any time in the future I can replay an event trace and reproduce the exact sequence of events which brought about a particular state in the application.

It is still in the early stages so at the moment my only control over the tracing is by using one of the tools such as logman or tracelog, which can create trace controllers to log the events to a trace file with an .etl extension. I know I could write a standalone controller which could consume the events in real time and write the events to file myself but I want to try to avoid that at this stage (call it laziness :)), but seriously why rewrite something that is already available?

So, does anyone have any insight into the binary format of .etl files? I know something like tracedmp can read them and produce CSVs but that doesn't help with the binary portion. If I could read these files and parse out the blobs I have written then I would essentially have the replayability I am after, but I can't find anything on this file format.

Thanks, Paul

+2  A: 

Well, 15 minutes to answer my own question. Must be some kind of record but I swear I spent half a day looking for this... :)

The OpenTrace / ProcessTrace / CloseTrace functions allow you to consume events from either a real-time trace session or from an ETL log file and seem to be exactly what I was looking for.

wocko
+1 for following up on your own question.
Steffen Opel
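
A sketch of the OpenTrace / ProcessTrace / CloseTrace approach from the answer above, as an added example that is not code from either poster. Assumptions: `MyEventClass` is a hypothetical placeholder for the event-class GUID the provider passes to TraceEvent, and the 1 MiB cap and length-prefixed output format are choices made for this example; the consumer part builds only on Windows, while `store_blob()` is portable.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <evntrace.h>   /* link with advapi32.lib */
#endif

#define MAX_BLOB (1u << 20)  /* assumption: no serialized object exceeds 1 MiB */

/* Portable part: append one payload as [u32 length][bytes]. Returns 1 if stored. */
int store_blob(FILE *out, const void *data, uint32_t len) {
    if (!out || !data || len == 0 || len > MAX_BLOB) return 0;  /* .etl is untrusted input */
    return fwrite(&len, sizeof len, 1, out) == 1 && fwrite(data, 1, len, out) == len;
}

#ifdef _WIN32
static FILE *g_out;  /* replay file the callback appends to */
/* Hypothetical event-class GUID: substitute the one your provider uses with TraceEvent. */
static const GUID MyEventClass =
    {0x11111111, 0x2222, 0x3333, {0x44,0x44,0x44,0x44,0x44,0x44,0x44,0x44}};

/* Classic event callback: ProcessTrace invokes it once per event, in timestamp order. */
static void WINAPI on_event(PEVENT_TRACE ev) {
    if (IsEqualGUID(&ev->Header.Guid, &MyEventClass))  /* also skips the log header event */
        store_blob(g_out, ev->MofData, ev->MofLength);
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s trace.etl out.bin\n", argv[0]); return 2; }
    EVENT_TRACE_LOGFILEA log = {0};
    log.LogFileName = argv[1];     /* file mode; LoggerName would select a live session */
    log.EventCallback = on_event;
    g_out = fopen(argv[2], "wb");
    if (!g_out) return 1;
    TRACEHANDLE h = OpenTraceA(&log);
    if (h == INVALID_PROCESSTRACE_HANDLE) { fclose(g_out); return 1; }
    ULONG rc = ProcessTrace(&h, 1, NULL, NULL);  /* blocks until every event is delivered */
    CloseTrace(h);
    fclose(g_out);
    return rc == ERROR_SUCCESS ? 0 : 1;
}
#else
int main(void) { puts("OpenTrace/ProcessTrace need Windows; only store_blob() builds here."); return 0; }
#endif
```

The length check in `store_blob()` matters when the output feeds a deserializer, because a trace file from another machine is attacker-influenced input like any other.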