Help and Support
 

powered byLive Search

How to find pool tags that are used by third-party drivers

View products that this article applies to.
Article ID:298102
Last Review:March 1, 2007
Revision:5.2
This article was previously published under Q298102

SUMMARY

This article describes how to find the source of a pool tag that is used by a third-party driver. This may be useful because when you troubleshoot an issue, you may encounter a pool tag that cannot be tied to a Microsoft component, and finding the source of these tags can be complicated and is often impossible without the use of a kernel-mode debugger.

MORE INFORMATION

To find files that (potentially) use a given pool tag, use the Search tool in Windows 2000:
1.Click Start, point to Search, and then click For Files or Folders.
2.In the Search for files or folders named box, type *.sys.
3.In the Containing text box, type the pool tag you want to search for.
4.In the Look in box, type the path to the system root drivers, for example, C:\WINNT\system32\drivers, and then click Search Now.
You should receive a list of drivers that contain the tag. Although there may be some false hits here (as the text string may naturally occur in other files), this method should allow you to narrow the scope of your search.

You can use the findstr command (in all versions of Windows) instead of Windows Explorer. To minimize the occurrence of false hits, change to the system root\drivers folder at a command prompt. If needed, use Windows Explorer to find this folder. Run the findstr /m /l tag *.sys command, where the /m switch is used to list only the file name. If you receive multiple files, try to reduce the amount of files returns by adding the letter "h" to the tag before you run the search. This is mainly useful when the tag is comprised of three letters.

Note You may find that this query may not find the appropriate driver because the driver is not loaded from %SYSTEMROOT%\drivers. In this case, run more global searches such as findstr /m /l tag *.sys that start from %SystemRoot%, %ProgramFiles%, %SystemDrive%, %ProgramData%. For examples, use the findstr /m /l hTCPt *.sys command to return Tcpip.sys and findstr /m /l hCPnp *.sys to return Classpnp.sys or Acpiec.sys depending on which operating system you are running.

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
250453 (http://support.microsoft.com/kb/250453/) Determining special pool tagging options when debugging
177415 (http://support.microsoft.com/kb/177415/) How to use Memory Pool Monitor (Poolmon.exe) to troubleshoot kernel mode memory leaks
APPLIES TO
Microsoft Windows NT Server 4.0, Terminal Server Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows NT Server 4.0 Standard Edition
Microsoft Windows NT Server 4.0 Enterprise Edition
Microsoft Windows NT Workstation 4.0 Developer Edition
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows XP Professional

Back to the top

Keywords: 
kb3rdparty kbenv kbhowto KB298102

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.