Windows: Use device offsets instead of driver offsets

This updates the `devicetree` plugin to return the virtual offsets of
the device objects themselves instead of that of their parent driver.

Author: dgmcdona

volatility3/framework/plugins/windows/devicetree.py

@@ -138,7 +138,7 @@ def _generator(self) -> Iterator[Tuple]:
                     yield (
                         1,
                         (
-                            format_hints.Hex(driver.vol.offset),
+                            format_hints.Hex(device.vol.offset),
                             "DEV",
                             driver_name,
                             device_name,
@@ -170,7 +170,7 @@ def _generator(self) -> Iterator[Tuple]:
                         yield (
                             level,
                             (
-                                format_hints.Hex(driver.vol.offset),
+                                format_hints.Hex(attached_device.vol.offset),
                                 "ATT",
                                 driver_name,
                                 device_name,