Index: pool.c
===================================================================
--- ntoskrnl/mm/ARM3/pool.c	(revision 74045)
+++ ntoskrnl/mm/ARM3/pool.c	(working copy)
@@ -24,7 +24,7 @@
 KGUARDED_MUTEX MmPagedPoolMutex;
 MM_PAGED_POOL_INFO MmPagedPoolInfo;
 SIZE_T MmAllocatedNonPagedPool;
-ULONG MmSpecialPoolTag;
+ULONG MmSpecialPoolTag = 1;
 ULONG MmConsumedPoolPercentage;
 BOOLEAN MmProtectFreedNonPagedPool;
 SLIST_HEADER MiNonPagedPoolSListHead;
Index: special.c
===================================================================
--- ntoskrnl/mm/ARM3/special.c	(revision 74045)
+++ ntoskrnl/mm/ARM3/special.c	(working copy)
@@ -76,6 +76,10 @@
 NTAPI
 MmUseSpecialPool(SIZE_T NumberOfBytes, ULONG Tag)
 {
+    PLDR_DATA_TABLE_ENTRY LdrEntry;
+    PVOID CallersCaller;
+    UNICODE_STRING Win32k = RTL_CONSTANT_STRING(L"win32k.sys");
+
     /* Special pool is not suitable for allocations bigger than 1 page */
     if (NumberOfBytes > (PAGE_SIZE - sizeof(POOL_HEADER)))
     {
@@ -82,12 +86,30 @@
         return FALSE;
     }
 
-    if (MmSpecialPoolTag == '*')
+    if (Tag == 'enoN' || KeGetCurrentIrql() >= DISPATCH_LEVEL)
     {
         return TRUE;
     }
 
-    return Tag == MmSpecialPoolTag;
+    /* Find the first four letters of the driver name if we can */
+    RtlGetCallersAddress(NULL, &CallersCaller);
+    if (!PsLoadedModuleList.Flink)
+    {
+        return TRUE;
+    }
+
+    LdrEntry = MiLookupDataTableEntry(CallersCaller);
+    if (!LdrEntry)
+    {
+        return TRUE;
+    }
+
+    if (RtlEqualUnicodeString(&LdrEntry->BaseDllName, &Win32k, TRUE))
+    {
+        return TRUE;
+    }
+
+    return FALSE;
 }
 
 BOOLEAN