diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index b8993606d3..e99feeef76 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -2489,6 +2489,41 @@ type irc_join_info: record {
 ## .. bro:see:: irc_join_message
 type irc_join_list: set[irc_join_info];
 
+type PEHeader: record {
+# Machine : count;
+# TimeDateStamp : time;
+# magic : uint16;
+# major_linker_version : uint8;
+# minor_linker_version : uint8;
+# size_of_code : uint32;
+# size_of_init_data : uint32;
+# size_of_uninit_data : uint32;
+# addr_of_entry_point : uint32;
+# base_of_code : uint32;
+# base_of_data : uint32;
+# image_base : uint32;
+# section_alignment : uint32;
+# file_alignment : uint32;
+# os_version_major : uint16;
+# os_version_minor : uint16;
+# major_image_version : uint16;
+# minor_image_version : uint16;
+# major_subsys_version : uint16;
+# minor_subsys_version : uint16;
+# win32_version : uint32;
+# size_of_image : uint32;
+# checksum : uint32;
+# subsystem : uint16;
+# mem: case magic of {
+# 0x0b01 -> i32 : MEM_INFO32;
+# 0x0b02 -> i64 : MEM_INFO64;
+# default -> InvalidPEFile : empty;
+# };
+# loader_flags : uint32;
+# number_of_rva_and_sizes : uint32;
+#
+};
+
 ## Record for Portable Executable (PE) section headers.
 type PESectionHeader: record {
 	name : string;
diff --git a/src/binpac_bro.h b/src/binpac_bro.h
index 1f63808c10..03857179f1 100644
--- a/src/binpac_bro.h
+++ b/src/binpac_bro.h
@@ -7,7 +7,7 @@ class PortVal;
 
 #include "util.h"
 #include "Analyzer.h"
-#include "file_analysis/Action.h"
+#include "file_analysis/Analyzer.h"
 #include "Val.h"
 #include "event.bif.func_h"
 
@@ -16,7 +16,7 @@ class PortVal;
 namespace binpac {
 
 typedef Analyzer* BroAnalyzer;
-typedef file_analysis::Action BroFileAnalyzer;
+typedef file_analysis::Analyzer BroFileAnalyzer;
 typedef Val* BroVal;
 typedef PortVal* BroPortVal;
 typedef StringVal* BroStringVal;
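Review bot: The new `PEHeader` record is declared with every field commented out, so the script layer gets an empty record while `types.bif` (later in this diff) tells the core to expect a `PEHeader` type; if this is a placeholder it should say so, because the commented lines are binpac declarations (`uint16`, `uint32`, `case magic of { ... }`), not Bro script types, and cannot simply be uncommented later. The neighbouring types carry a `##` doc comment that the documentation generator picks up (`## Record for Portable Executable (PE) section headers.` directly below), and this one has none. I'd put `## Record for Portable Executable (PE) file and optional headers.` above `type PEHeader: record {` and `# TODO: translate the binpac fields below into script types (count, time) before enabling them.` as the first line of the body.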
diff --git a/src/file_analysis/AnalyzerSet.cc b/src/file_analysis/AnalyzerSet.cc
index bdf23c2446..5959279f61 100644
--- a/src/file_analysis/AnalyzerSet.cc
+++ b/src/file_analysis/AnalyzerSet.cc
@@ -4,6 +4,7 @@
 #include "Extract.h"
 #include "DataEvent.h"
 #include "Hash.h"
+#include "analyzers/PE.h"
 
 using namespace file_analysis;
 
@@ -14,6 +15,7 @@ static AnalyzerInstantiator analyzer_factory[] = {
 	file_analysis::SHA1::Instantiate,
 	file_analysis::SHA256::Instantiate,
 	file_analysis::DataEvent::Instantiate,
+	file_analysis::PE::Instantiate,
 };
 
 static void analyzer_del_func(void* v)
diff --git a/src/file_analysis/analyzers/PE.cc b/src/file_analysis/analyzers/PE.cc
index c15b6ba739..662ea1f3e4 100644
--- a/src/file_analysis/analyzers/PE.cc
+++ b/src/file_analysis/analyzers/PE.cc
@@ -7,38 +7,29 @@
 
 using namespace file_analysis;
 
-PE_Analyzer::PE_Analyzer(RecordVal* args, File* file)
-	: Action(args, file)
+PE::PE(RecordVal* args, File* file)
+	: file_analysis::Analyzer(args, file)
 	{
 	conn = new binpac::PE::MockConnection(this);
 	interp = new binpac::PE::File(conn);
 	done=false;
 	}
 
-PE_Analyzer::~PE_Analyzer()
+PE::~PE()
 	{
 	delete interp;
 	}
 
-Action* PE_Analyzer::Instantiate(RecordVal* args, File* file)
+bool PE::DeliverStream(const u_char* data, uint64 len)
 	{
-	return new PE_Analyzer(args, file);
-	}
-
-bool PE_Analyzer::DeliverStream(const u_char* data, uint64 len)
-	{
-	printf("deliver stream\n");
-	if (done)
-		{
-		printf("analyzer done\n");
-		return false;
-		}
-
-	Action::DeliverStream(data, len);
 	try
 		{
 		interp->NewData(data, data + len);
 		}
+	catch ( const binpac::HaltParser &e )
+		{
+		return false;
+		}
 	catch ( const binpac::Exception& e )
 		{
 		printf("Binpac exception: %s\n", e.c_msg());
@@ -48,9 +39,9 @@ bool PE_Analyzer::DeliverStream(const u_char* data, uint64 len)
 	return true;
 	}
 
-bool PE_Analyzer::EndOfFile()
+bool PE::EndOfFile()
 	{
 	printf("end of file!\n");
-	done=true;
+	//throw binpac::HaltParser();
 	return false;
 	}
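Review bot: `file_analysis::PE::Instantiate` is appended to `analyzer_factory[]` with nothing tying its slot to the `ANALYZER_PE` tag that `types.bif` appends in the same position of `enum Analyzer`; if the array is indexed by the enum value, as the parallel ordering suggests, the two lists must stay in lockstep and nothing here enforces or even mentions that. I'd add a comment on the array, `// Indexed by enum Analyzer in types.bif: keep the two lists in the same order.`, and, where the enum exposes a count, a compile-time or startup check that the array length equals it. The array's opening line is the hunk header, so the declaration itself sits outside the hunk.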
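Review bot: `PE::~PE()` deletes `interp` but not `conn`, even though the constructor allocates both with `new` (`conn = new binpac::PE::MockConnection(this)`); unless `binpac::PE::File` takes ownership of the connection it is handed — not visible here — every analyzer instance leaks a MockConnection, so either make the destructor `delete interp; delete conn;` or document the ownership transfer next to the `new`. The `done` flag is still set to `false` in the constructor, but with the `if (done)` guard removed nothing left in this hunk reads it, so it is dead state. The new `catch ( const binpac::HaltParser &e )` never uses `e`; `catch ( const binpac::HaltParser& )` avoids the unused-variable warning and matches the `&` placement of the `binpac::Exception` clause below it. `DeliverStream`'s body continues past the end of the hunk, so what follows the `binpac::Exception` handler's `printf` is not visible here.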
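Review bot: `PE::EndOfFile()` keeps a debugging `printf("end of file!\n")` and gains a commented-out `//throw binpac::HaltParser();`, neither of which should survive review — a throw here would escape uncaught, since the only `HaltParser` handler is in `DeliverStream` and nothing in `EndOfFile` catches it. With `done=true` gone the function just returns `false` without ever telling the parser that the stream ended, so a PE truncated before its headers are complete is discarded silently rather than reported. If that is intended, say so in a comment, e.g. `// A file that ends before its headers are fully parsed is dropped without a report; the binpac parser is never told about EOF.`; otherwise route the event through whatever reporting path the file-analysis framework offers instead of stdout, so a truncated header in an untrusted file is at least visible.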
diff --git a/src/file_analysis/analyzers/PE.h b/src/file_analysis/analyzers/PE.h
index 6f25e19723..1fd67c22db 100644
--- a/src/file_analysis/analyzers/PE.h
+++ b/src/file_analysis/analyzers/PE.h
@@ -12,18 +12,19 @@ namespace file_analysis {
 /**
  * An action to simply extract files to disk.
  */
-class PE_Analyzer : Action {
+class PE : public file_analysis::Analyzer {
 public:
-	static Action* Instantiate(RecordVal* args, File* file);
+	~PE();
 
-	~PE_Analyzer();
+	static file_analysis::Analyzer* Instantiate(RecordVal* args, File* file)
+		{ return new PE(args, file); }
 
 	virtual bool DeliverStream(const u_char* data, uint64 len);
 	virtual bool EndOfFile();
 
 protected:
-	PE_Analyzer(RecordVal* args, File* file);
+	PE(RecordVal* args, File* file);
 
 	binpac::PE::File* interp;
 	binpac::PE::MockConnection* conn;
 	bool done;
diff --git a/src/file_analysis/analyzers/pe-analyzer.pac b/src/file_analysis/analyzers/pe-analyzer.pac
index 18efc1d54a..fdba29a5bb 100644
--- a/src/file_analysis/analyzers/pe-analyzer.pac
+++ b/src/file_analysis/analyzers/pe-analyzer.pac
@@ -9,10 +9,7 @@ refine flow File += {
 
 	function proc_the_file(): bool
 		%{
-		printf("ending the flow!\n");
-		connection()->bro_analyzer()->EndOfFile();
-		connection()->FlowEOF(true);
-		connection()->FlowEOF(false);
+		throw binpac::HaltParser();
 		return true;
 		%}
 
diff --git a/src/file_analysis/analyzers/pe-file.pac b/src/file_analysis/analyzers/pe-file.pac
index bedfb35204..84b26381b4 100644
--- a/src/file_analysis/analyzers/pe-file.pac
+++ b/src/file_analysis/analyzers/pe-file.pac
@@ -6,7 +6,6 @@ type TheFile = record {
 	sections_table : IMAGE_SECTION_HEADER[] &length=pe_header.file_header.NumberOfSections*40 &transient;
 	#pad : bytestring &length=offsetof(pe_header.data_directories + pe_header.data_directories[1].virtual_address);
 	#data_sections : DATA_SECTIONS[pe_header.file_header.NumberOfSections];
-	#pad : bytestring &restofdata;
 } &let {
 	dos_code_len: uint32 = dos_header.AddressOfNewExeHeader - 64;
 } &byteorder=littleendian;
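Review bot: The doc comment kept above the renamed class, `An action to simply extract files to disk.`, was copied from the Extract analyzer and now describes the wrong thing; it should read something like `/** A file analyzer that feeds a file's bytes to the binpac PE parser to extract Portable Executable headers. */`. `~PE()` is declared non-virtual here, which is only safe if `file_analysis::Analyzer` declares a virtual destructor — the inline `Instantiate` returns `new PE(args, file)` as a `file_analysis::Analyzer*`, so instances will be deleted through the base pointer. The class owns two raw pointers (`interp`, `conn`) behind a hand-written destructor yet declares no copy constructor or assignment operator, so an accidental copy would double-delete; declaring both private and leaving them undefined closes that. The class body runs past the end of the hunk.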
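Review bot: In `proc_the_file()` the `return true;` after the unconditional `throw binpac::HaltParser();` is unreachable and should go, or the function should stop advertising a `bool` it never produces. Nothing at the throw site says why parsing is ended by exception rather than by a normal return, and the answer lives in another file of this diff (`PE::DeliverStream` catches `HaltParser` and returns `false`), so a comment above the throw such as `// Header parsing is complete; HaltParser is caught by PE::DeliverStream, which returns false to the file manager.` would save the next reader the hunt. The `refine flow File += {` block containing this function begins at the hunk header and ends outside the hunk.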
@@ -75,9 +74,9 @@ type IMAGE_OPTIONAL_HEADER(len: uint16) = record {
 	subsystem : uint16;
 	dll_characteristics : uint16;
 	mem: case magic of {
-		0x0b01 -> i32 : MEM_INFO32;
-		0x0b02 -> i64 : MEM_INFO64;
-		default -> InvalidPEFile : bytestring &length=0;
+		0x0b01 -> i32 : MEM_INFO32;
+		0x0b02 -> i64 : MEM_INFO64;
+		default -> InvalidPEFile : empty;
 	};
 	loader_flags : uint32;
 	number_of_rva_and_sizes : uint32;
diff --git a/src/types.bif b/src/types.bif
index fa9539dcbc..ca84794865 100644
--- a/src/types.bif
+++ b/src/types.bif
@@ -163,6 +163,7 @@ type ModbusHeaders: record;
 type ModbusCoils: vector;
 type ModbusRegisters: vector;
 
+type PEHeader: record;
 type PESectionHeader: record;
 
 module Log;
@@ -250,6 +251,9 @@ enum Analyzer %{
 
 	## Deliver the file contents to the script-layer in an event.
 	ANALYZER_DATA_EVENT,
+
+	## Pass the file to the PE analyzer.
+	ANALYZER_PE,
 %}
 
 module GLOBAL;
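Review bot: The case labels `0x0b01` and `0x0b02` in `mem: case magic of` look byte-swapped: the PE/COFF optional-header magic is 0x010B for PE32 and 0x020B for PE32+, and the on-disk bytes `0B 01` read as a little-endian `uint16` give 0x010B, so if `IMAGE_OPTIONAL_HEADER` is parsed little-endian like its `&byteorder=littleendian` container `TheFile`, neither label ever matches a real executable and every file falls through to `InvalidPEFile`; in that case the labels should be `0x010b` and `0x020b`. The `default -> InvalidPEFile : empty` arm also accepts an unrecognised magic silently and then parses `loader_flags` and `number_of_rva_and_sizes` at offsets that match neither header layout, which for an analyzer fed untrusted files is where parsing should stop (throw/`HaltParser`) rather than continue on misaligned data. A comment above the case, `# magic selects the PE32 (0x10b) or PE32+ (0x20b) layout; anything else is not a PE we can parse`, would record the intent either way. The `IMAGE_OPTIONAL_HEADER` record begins at the hunk header and continues past the hunk.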