Make the dos code available in script land.

src/file_analysis/analyzers/pe-analyzer.pac

@@ -59,6 +59,17 @@ refine flow File += {
 		return true;
 		%}
 
+	function proc_dos_code(code: bytestring): bool
+		%{
+		if ( pe_dos_code )
+			{
+			BifEvent::generate_pe_dos_code((Analyzer *) connection()->bro_analyzer(), 
+			                               connection()->bro_analyzer()->GetFile()->GetVal()->Ref(),
+			                               new StringVal(code.length(), (const char*) code.data()));
+			}
+		return true;
+		%}
+
 	function proc_nt_headers(h: IMAGE_NT_HEADERS): bool
 		%{
 		if ( ${h.PESignature} != 17744 ) // Number is uint32 version of "PE\0\0"
@@ -171,6 +182,10 @@ refine typeattr DOS_Header += &let {
 	proc : bool = $context.flow.proc_dos_header(this);
 };
 
+refine typeattr DOS_Code += &let {
+	proc : bool = $context.flow.proc_dos_code(code);
+};
+
 refine typeattr IMAGE_NT_HEADERS += &let {
 	proc : bool = $context.flow.proc_nt_headers(this);
 };

src/file_analysis/analyzers/pe-file.pac

@@ -1,7 +1,7 @@
 
 type TheFile = record {
 	dos_header     : DOS_Header;
-	dos_code       : bytestring &length=dos_code_len;
+	dos_code       : DOS_Code(dos_code_len);
 	pe_header      : IMAGE_NT_HEADERS;
 	sections_table : IMAGE_SECTION_HEADER[] &length=pe_header.file_header.NumberOfSections*40 &transient;
 	#pad            : bytestring &length=offsetof(pe_header.data_directories + pe_header.data_directories[1].virtual_address);
@@ -34,6 +34,10 @@ type DOS_Header = record {
 	AddressOfNewExeHeader    : uint32;
 } &byteorder=littleendian &length=64;
 
+type DOS_Code(len: uint32) = record {
+	code : bytestring &length=len;
+};
+
 type IMAGE_NT_HEADERS = record {
 	PESignature     : uint32;
 	file_header     : IMAGE_FILE_HEADER;