Add Kernel Bitmap Dump (Type=6) Support

[brian-mckinney]

Windows kernel bitmap dumps (DumpType=6) are becoming more and more prevalent, especially considering you can request them directly from Task Manager now.

DumpType=6 is encoded identically to DumpType=5 on disk. The only difference is semantic — the kernel bitmap covers kernel pages only (and optionally user pages), where DumpType=5 typically covers everything. Adding 0x06 to the supported types list and extending the bitmap-parsing branch to handle it was all the layer needed.

Four plugins needed follow-up fixes once the dump actually loads:

• crashinfo was showing "Unknown/Unsupported (0x6)" and leaving the bitmap statistics fields (HeaderSize, BitmapSize, Pages) as N/A

• memmap would hang for many minutes on kernel-only dumps — page tables are kernel data, so VA-to-PA translation succeeds for user-space addresses, but the physical pages themselves aren't in the dump. Walking O(millions) of dead-end lookups per process was the result. A single PEB validity check before the walk detects the situation and skips the process cleanly.

• mftscan would crash when a found MFT record signature straddled a present page and an absent adjacent page; the resulting InvalidAddressException on the Flags field was unhandled.

• cmdscan had a latent UnboundLocalError that wasn't being caught, that could surface when user-space heap is absent.

I tested this change against two Type 6 dumps, one with user pages, another without. They were tested against all of the applicable windows plugins, and produced expected results