diff --git a/scripts/base/files/pe/main.bro b/scripts/base/files/pe/main.bro index 76ba04fc8c..f9ebc57297 100644 --- a/scripts/base/files/pe/main.bro +++ b/scripts/base/files/pe/main.bro @@ -79,7 +79,7 @@ event file_new(f: fa_file) if ( f?$mime_type && f$mime_type == /application\/x-dosexec.*/ ) { #print "found a windows executable"; - FileAnalysis::add_analyzer(f, [$tag=FileAnalysis::ANALYZER_PE]); + Files::add_analyzer(f, Files::ANALYZER_PE); #FileAnalysis::add_analyzer(f, [$tag=FileAnalysis::ANALYZER_EXTRACT, # $extract_filename=fmt("exe-%d", ++blah_counter)]); } diff --git a/src/file_analysis/analyzer/pe/PE.cc b/src/file_analysis/analyzer/pe/PE.cc index 51db8fd232..59fbad91df 100644 --- a/src/file_analysis/analyzer/pe/PE.cc +++ b/src/file_analysis/analyzer/pe/PE.cc @@ -1,14 +1,10 @@ -#include - #include "PE.h" -#include "pe_pac.h" -#include "util.h" -#include "Event.h" +#include "file_analysis/Manager.h" using namespace file_analysis; PE::PE(RecordVal* args, File* file) - : file_analysis::Analyzer(args, file) + : file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), args, file) { conn = new binpac::PE::MockConnection(this); interp = new binpac::PE::File(conn); @@ -26,10 +22,6 @@ bool PE::DeliverStream(const u_char* data, uint64 len) { interp->NewData(data, data + len); } - catch ( const binpac::HaltParser &e ) - { - return false; - } catch ( const binpac::Exception& e ) { printf("Binpac exception: %s\n", e.c_msg()); diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac index 045f71c479..619bffad53 100644 --- a/src/file_analysis/analyzer/pe/pe-analyzer.pac +++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac @@ -2,7 +2,6 @@ %extern{ #include "Event.h" #include "file_analysis/File.h" -#include "file_analysis.bif.func_h" #include "events.bif.h" %} @@ -10,7 +9,6 @@ refine flow File += { function proc_the_file(): bool %{ - throw binpac::HaltParser(); return true; %}
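Review bot: The commented-out extraction call directly below the changed line still uses the old `FileAnalysis::add_analyzer(f, [$tag=...])` form, so the block now shows two different APIs side by side. Either delete those lines together with the `#print` debug line, or carry them over to the new `Files::add_analyzer` call shape, so that nobody uncomments a call that no longer matches the API. If the example is kept, a one-line comment saying why it is disabled would help, for instance `# disabled: debug-only extraction of matched executables`. The `file_new` handler starts and ends outside this hunk.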
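Review bot: The analyzer tag is now resolved at construction time from the string literal in `file_mgr->GetComponentTag("PE")`, and nothing in the visible part of the constructor checks the result. If that name ever differs from the one the PE component registers, the mismatch would presumably only show up at run time, so a comment above the initializer such as `// "PE" must match the name the PE analyzer component is registered under` would help. The hunk also drops the direct `pe_pac.h` include while the constructor still uses `binpac::PE::MockConnection` and `binpac::PE::File`, so this file now appears to rely on `PE.h` pulling that header in, which is not visible here. The constructor body continues outside the hunk.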