When an addition to the existing API is made, the minor version is bumped. When an API feature or function is removed or changed, the major version is bumped.
Add in support for specifying a type override for object_from_symbol
Add a get_size() method to Windows VAD structures and fix several off-by-one issues when calculating VAD sizes.
Update in the windows _EPROCESS.owning_process method to support Windows Vista and later versions.
Add in child_template to template class
Changes to linux core calls
Add in the linux task.get_threads method to the API.
Add in the windows DEVICE_OBJECT.get_attached_devices and DRIVER_OBJECT.get_devices methods to the API.
Fix the behaviour of the offsets returned by the PDB scanner.
Remove the symbol_shift mechanism, where symbol tables could alter their own symbols.
Symbols from a symbol table are now always the offset values. They can be added to a Module
and when symbols are requested from a Module they are shifted by the module's offset to get
an absolute offset. This can be done with Module.get_absolute_symbol_address or as part of
Module.object_from_symbol(absolute = False, ...).
- Added support for module collections
- Added context.modules
- Added ModuleRequirement
- Added get_symbols_by_absolute_location