Is there a way to extract actual call stack addresses from a Windows Performance Recorder trace (WPR)?

Question

According to https://randomascii.wordpress.com/2013/11/04/exporting-arbitrary-data-from-xperf-etl-files/, wpaexporter.exe should be the right tool to do so.

I manage to prepare a profile with the right data, but, unfortunately, wpaexporter keep trying to translate addresses, even if "-symbols" is not given to the command line, generating some useless

/<ModuleName.dll>!<Symbols disabled> 

warnings.

This is annoying because part of our application use some Delphi code that can not generate symbols in a Microsoft compatible format. With addresses, we would be able to find the Delphi symbols in the call stack using map files.

Is there a way to extract call stack addresses from a wpr trace ?

Answer 1

Yes. You can also use xperf.exe. Have you tried the actions option?

xperf -a stack should help here I expect.

You can see detailed info with xperf -help processing command.

Answer 2

Thanks, i completely missed processing options of xperf...

In the meantime, i found that LogParser (https://www.microsoft.com/en-us/download/details.aspx?id=24659) can also export an etl file to a csv (with actual values as well) :

LogParser.exe" "Select * from file.etl" -i:ETW -o:CSV -oTsFormat "HH:mm:ss.ln" > output_file.csv

From what i have seen so far, LogParser output might be more suitable for automatic parsing (only one line per event in the file, no header) while xperf output is more suitable for human processing (tabular representation).