OSRLogoOSRLogoOSRLogo x Seminar Ad

Everything Windows Driver Development

GoToHomePage xLoginx

    Thu, 14 Mar 2019     118020 members


  Online Dump Analyzer
OSR Dev Blog
The NT Insider
The Basics
File Systems
ListServer / Forum
  Express Links
  · The NT Insider Digital Edition - May-June 2016 Now Available!
  · Windows 8.1 Update: VS Express Now Supported
  · HCK Client install on Windows N versions
  · There's a WDFSTRING?
  · When CAN You Call WdfIoQueueP...ously

Who Owns Which Pool Tag

A question came up in the NTDEV discussion list recently asking something along the lines of, "the PoolTag utility (free download here) shows that pool allocations for tag ‘WXYZ’ are out of control…Anyone know who owns it?" Turns out this is a pretty easy question to answer if you know where to look!

There’s a file named PoolTag.txt that you can grab from either the Debugging Tools for Windows’ "\triage" directory, or the Server 2003 DDK’s "\tools\other\i386" directory. This file lists all of the tags that the Windows supplied drivers use, along with the owning module and a short description of the tag.

Also, if you have a debugger attached, the !poolused command in WinDBG displays the information from PoolTag.txt along with the pooltags.

Related Articles
Must Succeed Pool...DEAD!
No Pool Tagging for Special Pool
Permanent Pool Overrun Checking Starting With XP SP2
ExAllocatePoolWithQuota Raises Exceptions
Pool and Memory Events

User Comments
Rate this article and give us feedback. Do you find anything missing? Share your opinion with the community!
Post Your Comment

"It works on XP"
If you use the version in the Server 2003 DDK on XP, it should work just fine. Remember to enable pool tagging on XP. You don't need to enable pool tagging on Server 2003 and forward; it's permanently enabled.

-- juneb (MSFT)

06-Apr-04, June Blender

"RE: No /c option ?"
It looks like this option first shows up in the version of PoolMon available in the Server 2003 DDK.

06-Feb-04, Scott Noone

"No /c option ?"
The Poolmon in the WinXP DDK doesn't seem to have the /c switch mentioned by June ? What gives?

06-Feb-04, Carl Gregory

Try the poolmon /c option, too. It generates localtag.txt, a list of the drivers on local system and the pooltags they use. It's like pooltag.txt, but it's customized for your machine.

When you run poolmon with the /g (pooltag.txt) and /c (localtag.txt) options, the poolmon display lists the name of the driver that assigns each tag. Pooltag.txt and localtag.txt are the data sources for the column.

For more info, search for "Poolmon" in the DDK.

~~juneb (MSFT)

17-Dec-03, June Blender

Post Your Comments.
Print this article.
Email this article.
bottom nav links