KeenSecurityLab / BinAbsInspector

BinAbsInspector: Vulnerability Scanner for Binaries
GNU General Public License v3.0

getEntryFunction doesn't handle PE format #13

Closed kaimi- closed 2 years ago

kaimi- commented 2 years ago

The current getEntryFunction implementation can only handle an ELF header, so the extension can't locate an entry point for PE/PE+ files automatically.


The logic of the analyze function seems odd, as there's a generic way of locating an entry point through the analyzeFromMain function, which isn't called at all if the executable header wasn't successfully parsed.

Another thing: analyzeFromMain only tries to locate a global main function, which isn't always present in, for example, executables created in MASM. It should probably locate and use the entry function address if main is not present.

MatthewShao commented 2 years ago

Yes, we have extensively run tests on ELF files, but have barely tested PE files. We definitely want to have PE file support in the future, which requires updated entry point finding logic as well as an entry function model. PRs are welcome! However, the analysis algorithm is format-agnostic: you can try to specify a function entry point address to start the analysis, with the `-entry <address>` parameter in headless mode, or by setting "Analysis Start Address" in the configuration window in GUI mode.
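An added example, not part of the thread or of BinAbsInspector's code: one way to obtain the address to pass as a start address for a PE or PE+ file is to read `AddressOfEntryPoint` and `ImageBase` from the optional header. The names `pe_entry_va` and `build_sample` are hypothetical, the header bytes are constructed for the demonstration, and the result assumes the program is loaded at its preferred image base.

```python
import struct

PE32, PE32_PLUS = 0x10B, 0x20B  # optional-header Magic values

def pe_entry_va(data: bytes) -> int:
    """Return ImageBase + AddressOfEntryPoint for a PE32 or PE32+ image."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ/PE image")
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("PE signature not found at e_lfanew")
        opt = e_lfanew + 4 + 20  # skip signature and 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        (rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
        if magic == PE32:
            (base,) = struct.unpack_from("<I", data, opt + 28)  # 32-bit ImageBase
        elif magic == PE32_PLUS:
            (base,) = struct.unpack_from("<Q", data, opt + 24)  # 64-bit ImageBase
        else:
            raise ValueError(f"unexpected optional-header magic {magic:#x}")
    except struct.error as exc:
        raise ValueError("truncated header") from exc
    if rva == 0:
        raise ValueError("AddressOfEntryPoint is 0 (no entry function)")
    return base + rva

def build_sample(magic: int, base: int, rva: int) -> bytes:
    """Constructed minimal header for demonstration, not a loadable executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = b"PE\0\0" + b"\0" * 20
    opt = struct.pack("<H", magic) + b"\0" * 14 + struct.pack("<I", rva)
    if magic == PE32:
        opt += b"\0" * 8 + struct.pack("<I", base)  # BaseOfCode, BaseOfData, ImageBase
    else:
        opt += b"\0" * 4 + struct.pack("<Q", base)  # BaseOfCode, ImageBase
    return dos + coff + opt

if __name__ == "__main__":
    samples = [(PE32, 0x400000, 0x1000), (PE32_PLUS, 0x140000000, 0x1234)]
    for magic, base, rva in samples:
        print(hex(pe_entry_va(build_sample(magic, base, rva))))
```

The thread does not state the textual form `-entry` expects, so the function returns a plain integer and leaves formatting to the caller.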

zyq8709 commented 2 years ago

In fact, we have not yet modeled entry points such as WinMain in PE files, and we impose some restrictions on the file format. You are welcome to help us improve the support for PE entry points.

zyq8709 commented 2 years ago

We can work on a better design together to solve this problem well. :)