A question came up in the NTDEV discussion list recently asking something along the lines of, "the PoolTag utility (free download here) shows that pool allocations for tag ‘WXYZ’ are out of control…Anyone know who owns it?" Turns out this is a pretty easy question to answer if you know where to look!
There’s a file named PoolTag.txt that you can grab from either the Debugging Tools for Windows’ "\triage" directory, or the Server 2003 DDK’s "\tools\other\i386" directory. This file lists all of the tags that the Windows supplied drivers use, along with the owning module and a short description of the tag.
Also, if you have a debugger attached, the !poolused command in WinDBG displays the information from PoolTag.txt along with the pooltags.