Heap streams return objects instead of raw bytes or strings

[malwarefrank]

This adds support for easily identifying the RVA of any heap item, including Strings, Guids, and UserStrings. It does so by creating HeapItem classes that contain the raw bytes, the decoded values, and the rva where the raw bytes were found in the underlying PE.

The .get() member of each of these heap streams now returns these objects. This is a potential BREAKING CHANGE, however the HeapItem subclasses can be treated similarly to what they represent. The original .get() functions have been renamed to .get_bytes() or .get_str() where before they returned bytes or str.

HeapItemString and UserString can be indexed like and compared to strings. HeapItemBinary can be indexed like and compared to bytes objects.

Closes #85

[malwarefrank]

@c3rb3ru5d3d53c @williballenthin welcome testing or comments if you have some time before I merge this in

[williballenthin]

From afar, these changes look reasonable and a nice improvement to the API. I wouldn't ask that any changes be made before merging.

(Opinion follows:) Personally, I'm not super keen on:

however the HeapItem subclasses can be treated similarly to what they represent.

This feels clever, and I'm not sure that's a good thing. I guess it's a trade off to keep client code a bit more concise. Will it so easy that users get themselves in trouble because the types aren't as they seem? shrug

Like I said, the changes look great, and although I volunteered an opinion, I don't think you should make any modifications unless you strongly agree.

[malwarefrank]

I agree. I originally thought it would be convenient, but decided to remove the str and bytes compatibility. I left the eq because it really is convenient and doesn't overly complicate, I think. We will see :)