Just like knowing that a shrimps heart is located in it’s head area (thorax) you can file this tidbit under useless facts.
If you find yourself in a situation where you need to convert some Windows Update .ETL files into human readable format and the
Get-WindowsUpdateLog PowerShell cmdlet isn’t available for whatever reason, you can use TraceFmt.exe to do this for you.
The TraceFmt utility, available through both the Windows Software Development Kit (SDK) and Windows Driver Kit (WDK), takes the details in the trace logs and outputs a human-readable text file containing the formatted trace messages.
tracefmt.exe -o "%UserProfile%\Desktop\TraceFmt-WindowsUpdate.log" %SystemRoot%\Logs\WindowsUpdate\WindowsUpdate.20171002.085155.537.1.etl -r srv*%SystemDrive%\Symbols*https://msdl.microsoft.com/download/symbols
Setting log file to: C:\windows\logs\WindowsUpdate\WindowsUpdate.20171002.085155.537.1.etl Examining C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\x64\default.tmf for message formats, 3 found. Searching for TMF files on path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.15063.0\x64 Logfile C:\windows\logs\WindowsUpdate\WindowsUpdate.20171002.085155.537.1.etl: OS version 10.0.14393 (Currently running on 10.0.14393) Start Time 2017-10-02-08:51:55.537 End Time 2017-10-02-09:01:57.790 Timezone is @tzres.dll,-112 (Bias is 300mins) BufferSize 4096 B Maximum File Size 128 MB Buffers Written 3 Logger Mode Settings (11002009) ( sequential newfile paged) ProcessorCount 1 Processing completed Buffers: 3, Events: 70, EventsLost: 0 :: Format Errors: 0, Unknowns: 7 Event traces dumped to C:\Users\perkinsjg\Desktop\TraceFmt-WindowsUpdate.log Event Summary dumped to C:\Users\perkinsjg\Desktop\TraceFmt-WindowsUpdate.log.sum
The TraceFmt generated log file will not be identical to the one generated by the Get-WindowsUpdateLog PowerShell cmdlet; but it’ll help in a pinch!
For now, I bid you Good Providence!