Updated PE analyzer to work with changes in master.

scripts/base/files/pe/main.bro

@@ -79,7 +79,7 @@ event file_new(f: fa_file)
 	if ( f?$mime_type && f$mime_type == /application\/x-dosexec.*/ ) 
 		{
 		#print "found a windows executable";
-		FileAnalysis::add_analyzer(f, [$tag=FileAnalysis::ANALYZER_PE]);
+		Files::add_analyzer(f, Files::ANALYZER_PE);
 		#FileAnalysis::add_analyzer(f, [$tag=FileAnalysis::ANALYZER_EXTRACT, 
 		#                               $extract_filename=fmt("exe-%d", ++blah_counter)]);
 		}

src/file_analysis/analyzer/pe/PE.cc

@@ -1,14 +1,10 @@
-#include <string>
-
 #include "PE.h"
-#include "pe_pac.h"
-#include "util.h"
-#include "Event.h"
+#include "file_analysis/Manager.h"
 
 using namespace file_analysis;
 
 PE::PE(RecordVal* args, File* file)
-    : file_analysis::Analyzer(args, file)
+    : file_analysis::Analyzer(file_mgr->GetComponentTag("PE"), args, file)
 	{
 	conn = new binpac::PE::MockConnection(this);
 	interp = new binpac::PE::File(conn);
@@ -26,10 +22,6 @@ bool PE::DeliverStream(const u_char* data, uint64 len)
 		{
 		interp->NewData(data, data + len);
 		}
-	catch ( const binpac::HaltParser &e )
-		{
-		return false;
-		}
 	catch ( const binpac::Exception& e )
 		{
 		printf("Binpac exception: %s\n", e.c_msg());

src/file_analysis/analyzer/pe/pe-analyzer.pac

@@ -2,7 +2,6 @@
 %extern{
 #include "Event.h"
 #include "file_analysis/File.h"
-#include "file_analysis.bif.func_h"
 #include "events.bif.h"
 %}
 
@@ -10,7 +9,6 @@ refine flow File += {
 
 	function proc_the_file(): bool
 		%{
-		throw binpac::HaltParser();
 		return true;
 		%}