If you receive Query pooltags Failed c0000002 when starting Poolmon.exe, the GlobalFlag value in the registry must be set using Regedt32.
As setting this value causes NT to use extra resources to gather pooltag information, record the current value of GlobalFlag so it can be reset when you are done using Poolmon.exe. Edit:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
and set the GlobalFlag value which is a type REG_DWORD by turning on the bit that corresponds to a Hex 400.
If you have the
you can use Gflags.exe to do this.To use this utility to enable Pool tagging:
Double-click on the Gflags.exe file in the resource kit directory or open a MS-DOS command prompt and type in GFLAGS and press Enter. After the GFLAGS window opens, set the destination in the upper window to System Registry. In the lower portion of the window, click to select the Enable Pool Tagging check box. Windows NT will have to be restarted for the change to take affect.
GFLAGS can also set the flag required for the kernel feature of Oh.exe, a tool that shows the handles of open windows. For usage information, at a MS- DOS command prompt type: gflags /?
GlobalFlag consists of 32 bits that are used as switches to enable or disable several different advanced internal system diagnostics and troubleshooting tests. For more information, see the definition of Ntexapi.h FLG_ in the Win32 SDK.
