Issues running this under dotnet core on macosx / linux

[mcarlin]

I've been trying to get this running on macosx/linux via dotnet core 3.1 without much luck. Is this expected to work cross-platform? or does it need platform dependent libraries from windows ?

[mjsabby]

ETW is a Windows-specific technology. Are you looking to analyze ETW files on Linux/macOS?

[mcarlin]

Exactly. I want to analyze the resulting .etl file in a macOS or linux environment. Is this possible?

[andreesteve]

I have the same requirement. It seems there is a dependency on a win32 assembly.

Unhandled exception. System.DllNotFoundException: Unable to load shared library 'advapi32.dll' or one of its dependencies. In order to help diagnose loading problems, consider setting the LD_DEBUG environment variable: libadvapi32.dll: cannot open shared object file: No such file or directory
   at ETW2JSON.Etw.OpenTrace(EVENT_TRACE_LOGFILEW& Logfile)
   at ETW2JSON.Program.ConvertToJson(Utf8JsonWriter jsonWriter, IEnumerable`1 inputFiles, Action`1 reportError) in /home/andre/aur/etw2json/src/ETW2JSON/Program.cs:line 40
   at ETW2JSON.Program.Main(String[] args) in /home/andre/aur/etw2json/src/ETW2JSON/Program.cs:line 116
Aborted (core dumped)

I guess this project is a wrapper around the Win native code that reads the ETW format. @mjsabby do you know of any alternatives around reading the ETW file format in purely managed code? Thanks!

[mjsabby]

@andreesteve @mcarlin Do you control the ETL file generation or you're getting it from random sources? If you can control the generation, the layout can be reverse engineered, but each ETL file (depending on OS, etc.) can change the format. In practice they don't, but it can change.

Is there a reason you need it to be ETL? We have a file format called BTL which ETL + Compression + Index files for fast seeking if you control the generation of the files.