XP's tracerpt missing data from compressed log files on NTFS volumes   

I've been using Global Logger tracing NT Kernel Events recently. To my
surprise, the same binary ETL log file yields different results after
being processed by tracerpt.exe of Vista (SP1) and XP (SP3).

Noticing the differences in the summary headers:

===== XP's tracerpt running on XP =====
Files Processed:
	.\dell-gx280-limitmem\08062037-fresh-webpages\global.etl
Total Buffers Processed 634
Total Events  Processed 44204
Total Events  Lost      0
Start Time               6  Aug 2008    20:34:09.593
End Time                 1  Jan 1601     8:00:13.823
Elapsed Time            -12862499635 sec
=====
===== Vista's tracerpt running on Vista =====
Files Processed:
	.\dell-gx280-limitmem\08062037-fresh-webpages\global.etl
Total Buffers Processed 1792
Total Events  Processed 129960
Total Events  Lost      0
Start Time              200886
End Time                160111
Elapsed Time            -12862499609 sec
=====

It seems XP's tracerpt is dropping buffers. But XP's tracerpt.exe
running on Vista doesn't drop buffers.

Using tracefmt.exe with system.tmf from Windows Server 2003 DDK
(3790.1830) reveals the same problem on XP, no problem on Vista.

However, when the log file is on a network share, even compressed, XP
does the right thing. Copying it to local storage, still OK. After the
log being compressed, the problem comes again.

Finally, I've found out XP's trace dump reporting mechanisms will drop
buffers if:
 1) the log file is locally stored, and
 2) it is compressed on an NTFS volume.

It's always OK on Vista.

date: Sat, 9 Aug 2008 23:04:02 -0700 (PDT)   author:   Quan Qiu