add tag to ScanRange

KMDF Driver2/Driver.cpp

@@ -126,7 +126,7 @@ DriverControl(PDEVICE_OBJECT /* DriverObject */, PIRP Irp) {
             outputData = (POUTPUT_DATA)MmGetSystemAddressForMdlSafe(Irp->MdlAddress, NormalPagePriority | MdlMappingNoExecute);
             scanRange = &(inputData->scanRange);
             DbgPrint("[NAK] :: Range: %llx - %llx", scanRange->start, scanRange->end);
-            (outputData->poolChunk).addr = (ULONG64)scanRemote(scanRange->start, scanRange->end);
+            (outputData->poolChunk).addr = (ULONG64)scanRemote(scanRange->start, scanRange->end, scanRange->tag);
             DbgPrint("[NAK] :: Found: %llx", (outputData->poolChunk).addr);
             break;
         case DEREFERENCE_ADDRESS:
@@ -575,7 +575,7 @@ scanLargePool(PVOID /* largePageTableArray */, ULONG64 /* largePageTableSize */)
 }
 
 PVOID
-scanRemote(ULONG64 startAddress, ULONG64 endAddress) {
+scanRemote(ULONG64 startAddress, ULONG64 endAddress, ULONG tag) {
     POOL_HEADER p;
     PVOID currentAddr = (PVOID)startAddress;
     while (true) {
@@ -592,9 +592,9 @@ scanRemote(ULONG64 startAddress, ULONG64 endAddress) {
 
         if (p.tag == 0) continue;
         if (!validTag(&p)) continue;
-        if (!validPool(&p)) continue;
+        // if (!validPool(&p)) continue;
 
-        if (p.tag != 'Proc' && p.tag != 'corP')
+        if (p.tag != tag)
             continue;
 
         return p.addr;

KMDF Driver2/Driver.h

@@ -46,7 +46,7 @@ VOID
 scanLargePool(PVOID largePageTableArray, ULONG64 largePageTableSize);
 
 PVOID
-scanRemote(ULONG64 startAddress, ULONG64 endAddress);
+scanRemote(ULONG64 startAddress, ULONG64 endAddress, ULONG tag);
 
 VOID
 hideProcess(CHAR* name, ULONG64 size);

KMDF Driver2/sioctl.h

@@ -76,6 +76,7 @@ typedef struct _DEREF_ADDR {
 typedef struct _SCAN_RANGE {
     ULONG64 start;
     ULONG64 end;
+    ULONG tag;
 } SCAN_RANGE, *PSCAN_RANGE;
 
 typedef struct _HIDE_PROCESS {