diff --git a/scripts/base/files/pe/main.bro b/scripts/base/files/pe/main.bro
index f9ebc57297..091c322990 100644
--- a/scripts/base/files/pe/main.bro
+++ b/scripts/base/files/pe/main.bro
@@ -39,11 +39,15 @@ hook set_file(f: fa_file) &priority=5
 event pe_dos_header(f: fa_file, h: PE::DOSHeader) &priority=5
 {
+ print "DOS header";
+ print h;
 hook set_file(f);
 }
 event pe_file_header(f: fa_file, h: PE::FileHeader) &priority=5
 {
+ print "File header";
+ print h;
 hook set_file(f);
 f$pe$compile_ts = h$ts;
 f$pe$machine = machine_types[h$machine];
@@ -53,6 +57,8 @@ event pe_file_header(f: fa_file, h: PE::FileHeader) &priority=5
 event pe_optional_header(f: fa_file, h: PE::OptionalHeader) &priority=5
 {
+ print "Optional header";
+ print h;
 hook set_file(f);
 f$pe$os = os_versions[h$os_version_major, h$os_version_minor];
 f$pe$subsystem = windows_subsystems[h$subsystem];
@@ -60,6 +66,8 @@ event pe_optional_header(f: fa_file, h: PE::OptionalHeader) &priority=5
 event pe_section_header(f: fa_file, h: PE::SectionHeader) &priority=5
 {
+ print "Section header";
+ print h;
 hook set_file(f);
 print h;
@@ -78,9 +86,6 @@ event file_new(f: fa_file)
 {
 if ( f?$mime_type && f$mime_type == /application\/x-dosexec.*/ )
 {
- #print "found a windows executable";
 Files::add_analyzer(f, Files::ANALYZER_PE);
- #FileAnalysis::add_analyzer(f, [$tag=FileAnalysis::ANALYZER_EXTRACT,
- # $extract_filename=fmt("exe-%d", ++blah_counter)]);
 }
 }
diff --git a/src/file_analysis/analyzer/pe/pe-analyzer.pac b/src/file_analysis/analyzer/pe/pe-analyzer.pac
index 619bffad53..2b49cd2c23 100644
--- a/src/file_analysis/analyzer/pe/pe-analyzer.pac
+++ b/src/file_analysis/analyzer/pe/pe-analyzer.pac
@@ -9,6 +9,7 @@ refine flow File += {
 function proc_the_file(): bool
 %{
+ printf("Processed\n");
 return true;
 %}
@@ -203,4 +204,5 @@ refine typeattr IMAGE_SECTION_HEADER += &let {
 refine typeattr TheFile += &let {
 proc: bool = $context.flow.proc_the_file();
-};
\ No newline at end of file
+};
+ 
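Review bot: The added `print h;` in pe_section_header duplicates the `print h;` that already follows `hook set_file(f);`, so every section header is dumped twice; together with the `print "..."`/`print h;` pairs added to the other three handlers and the `printf("Processed\n");` added to proc_the_file in pe-analyzer.pac, this is unconditional debug output on stdout for every PE file the analyzer touches, a volume that anyone sending executables through the sensor can drive. Remove the prints before merge, or record what is needed in the `f$pe` record that the handlers already populate so it reaches the normal log path. The bodies of pe_file_header, pe_optional_header and pe_section_header continue past their hunks.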
diff --git a/src/file_analysis/analyzer/pe/pe-file.pac b/src/file_analysis/analyzer/pe/pe-file.pac
index 03a25ce150..58278a7ffd 100644
--- a/src/file_analysis/analyzer/pe/pe-file.pac
+++ b/src/file_analysis/analyzer/pe/pe-file.pac
@@ -3,7 +3,7 @@ type TheFile = record {
 dos_header : DOS_Header;
 dos_code : DOS_Code(dos_code_len);
 pe_header : IMAGE_NT_HEADERS;
- section_headers : IMAGE_SECTION_HEADER[] &length=pe_header.optional_header.size_of_headers;
+ section_headers : IMAGE_SECTIONS(pe_header.file_header.NumberOfSections);
 #pad : bytestring &length=offsetof(pe_header.data_directories + pe_header.data_directories[1].virtual_address);
 #data_sections : DATA_SECTIONS[pe_header.file_header.NumberOfSections];
 #data_sections : DATA_SECTIONS[] &length=data_len;
@@ -41,7 +41,7 @@ type DOS_Code(len: uint32) = record {
 type IMAGE_NT_HEADERS = record {
 PESignature : uint32;
 file_header : IMAGE_FILE_HEADER;
- optional_header : IMAGE_OPTIONAL_HEADER(file_header.SizeOfOptionalHeader) &length=file_header.SizeOfOptionalHeader;
+ optional_header : IMAGE_OPTIONAL_HEADER(file_header.SizeOfOptionalHeader, file_header.NumberOfSections) &length=file_header.SizeOfOptionalHeader;
 } &byteorder=littleendian &length=file_header.SizeOfOptionalHeader+offsetof(optional_header);
 type IMAGE_FILE_HEADER = record {
@@ -54,7 +54,7 @@ type IMAGE_FILE_HEADER = record {
 Characteristics : uint16;
 };
-type IMAGE_OPTIONAL_HEADER(len: uint16) = record {
+type IMAGE_OPTIONAL_HEADER(len: uint16, number_of_sections: uint16) = record {
 magic : uint16;
 major_linker_version : uint8;
 minor_linker_version : uint8;
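Review bot: `section_headers : IMAGE_SECTIONS(pe_header.file_header.NumberOfSections);` takes the section count straight from the file with no upper bound, and the `&length=num*40` on IMAGE_SECTIONS then commits the parser to buffering up to 65535*40 bytes of a crafted header before any section is parsed; the Windows loader itself rejects images with more than 96 sections, so a guard to that effect in the `&let` refinement of TheFile would fail fast on malformed input instead of holding buffer space for data that will most likely never arrive. The `number_of_sections` parameter added to IMAGE_OPTIONAL_HEADER in the third hunk is not referenced anywhere in the lines of that record visible on this page, so it reads as unfinished plumbing; either use it or drop it so the record's interface stays minimal. The IMAGE_OPTIONAL_HEADER record continues beyond this hunk.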
@@ -80,12 +80,13 @@ type IMAGE_OPTIONAL_HEADER(len: uint16) = record {
 subsystem : uint16;
 dll_characteristics : uint16;
 mem: case magic of {
- 0x0b01 -> i32 : MEM_INFO32;
- 0x0b02 -> i64 : MEM_INFO64;
+ 267 -> i32 : MEM_INFO32;
+ 268 -> i64 : MEM_INFO64;
 default -> InvalidPEFile : empty;
 };
 loader_flags : uint32;
 number_of_rva_and_sizes : uint32;
+ rvas : IMAGE_RVAS(number_of_rva_and_sizes);
 } &byteorder=littleendian &length=len;
 type MEM_INFO32 = record {
@@ -102,6 +103,10 @@ type MEM_INFO64 = record {
 size_of_heap_commit : uint64;
 } &byteorder=littleendian &length=32;
+type IMAGE_SECTIONS(num: uint16) = record {
+ sections : IMAGE_SECTION_HEADER[num];
+} &length=num*40;
+
 type IMAGE_SECTION_HEADER = record {
 name : bytestring &length=8;
 virtual_size : uint32;
@@ -129,6 +134,15 @@ type IMAGE_IMPORT_DIRECTORY = record {
 rva_import_addr_table : uint32;
 };
+type IMAGE_RVAS(num: uint32) = record {
+ rvas : IMAGE_RVA[num];
+} &length=num*8;
+
+type IMAGE_RVA = record {
+ virtual_address : uint32;
+ size : uint32;
+} &length=8;
+
 type DATA_SECTIONS = record {
 blah: uint8;
 };
\ No newline at end of file
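Review bot: `268 -> i64 : MEM_INFO64;` does not match any PE optional-header magic: the PE32+ (64-bit) value is 0x20b, i.e. 523, whereas 268 is 0x10c, so every 64-bit executable falls through to `default -> InvalidPEFile : empty` and the fields after `mem` are then read from the wrong offsets for exactly the binaries a sensor most wants to parse. The line should read `523 -> i64 : MEM_INFO64;`, and writing both constants in hex (`0x10b`, `0x20b`) would keep them recognizable against the spec. Separately, `rvas : IMAGE_RVAS(number_of_rva_and_sizes);` sizes a buffer from a file-controlled uint32 via `&length=num*8` with no check against the spec maximum of 16 entries, relying only on the enclosing `&length=len` to catch an oversized value, which I would not assume binpac enforces for every code path; a bound in a `&let` refinement of IMAGE_OPTIONAL_HEADER would reject such input explicitly. The IMAGE_OPTIONAL_HEADER record begins outside this hunk.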