From 4753e4a3c2b4486367ab19e6544e7e70147c79c4 Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu
Date: Thu, 16 Apr 2015 19:44:39 -0500
Subject: [PATCH] Make base_of_data optional.
---
 scripts/base/init-bare.bro | 2 +-
 src/file_analysis/analyzer/pe/pe-analyzer.pac | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index d30874a1b2..866b9d5ff9 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -2586,7 +2586,7 @@ type PE::OptionalHeader: record {
 size_of_uninit_data : count;
 addr_of_entry_point : count;
 base_of_code : count;
- base_of_data : count;
+ base_of_data : count &optional;
 image_base : count;
 section_alignment : count;
 file_alignment : count;
diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac
index 1d7d0dbbff..e227f9af0d 100644
--- a/src/file_analysis/analyzer/pe/pe-analyzer.pac
+++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac
@@ -114,7 +114,10 @@ refine flow File += {
 oh->Assign(5, new Val(${h.size_of_uninit_data}, TYPE_COUNT));
 oh->Assign(6, new Val(${h.addr_of_entry_point}, TYPE_COUNT));
 oh->Assign(7, new Val(${h.base_of_code}, TYPE_COUNT));
- oh->Assign(8, new Val(${h.base_of_data}, TYPE_COUNT));
+
+ if ( ${h.pe_format} != PE32_PLUS )
+ oh->Assign(8, new Val(${h.base_of_data}, TYPE_COUNT));
+
 oh->Assign(9, new Val(${h.image_base}, TYPE_COUNT));
 oh->Assign(10, new Val(${h.section_alignment}, TYPE_COUNT));
 oh->Assign(11, new Val(${h.file_alignment}, TYPE_COUNT));
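Review bot: Marking `base_of_data` as `&optional` means any script that reads `h$base_of_data` without a `?$` test will now raise a runtime error on PE32+ files. No consumers are visible in this hunk, so existing handlers and log writers that touch the field should be checked before this lands. The field also deserves a doc comment saying when it is absent, for example `## Only set for PE32 images; the PE32+ optional header has no BaseOfData.` The record definition starts and ends outside the hunk.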
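Review bot: The new guard `if ( ${h.pe_format} != PE32_PLUS )` is a negative test, so every magic value other than PE32+ is treated as carrying BaseOfData, including a value from a malformed file that is neither PE32 nor PE32+. The condition should be the same one the binpac record uses to decide whether `base_of_data` is parsed at all; that definition is not visible here, so this is worth confirming. If the parser only reads the field for PE32, a positive test against the PE32 magic would express that directly. A short comment above the guard would also help, such as `// PE32+ has no BaseOfData; leave the &optional record field unset.` The enclosing function starts and ends outside the hunk.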