PE: Skip instruction analysis except for the first frame

[ishitatsuyuki]

Only the top frame can be potentially in an epilog; further frames should point to a function call, which is by definition outside an epilog. Instruction parsing can be skipped in such cases as a small optimization.

An exception is interruption coming from signal-like primitives. There are no signals on Win32, but access violation exceptions work similarly. These will push a KiUserExceptionDispatcher entry on stack along with a MACHFRAME entry. We should make sure to treat anything beyond a MACHFRAME entry as the same as a first frame.

[ishitatsuyuki]

Opened a PoC at #26.

Actually, this was more critical than I thought since the lookup address is shifted by 1 for return address frames. Which means that instruction analysis was basically reading garbage all the time.

[mstange]

Fixed by #27.

I've opened #30 and #31 for the remaining work.