PE头
typedef struct _IMAGE_NT_HEADERS { DWORD Signature; PE头标识 为固定的ascii码 PE00 IMAGE_FILE_HEADER FileHeader; 标准PE头 IMAGE_OPTIONAL_HEADER OptionalHeader; 扩展PE头 } IMAGE_NT_HEADERS, *PIMAGE_NT_HEADERS;
标准PE头结构
typedef struct _IMAGE_FILE_HEADER { WORD Machine; PE文件运行的平台类型 WORD NumberOfSections; 文件中"节"的数量 DWORD TimeDateStamp; DWORD PointerToSymbolTable; DWORD NumberOfSymbols; WORD SizeOfOptionalHeader; 扩展PE头的长度 WORD Characteristics; 文件属性 如:DLL文件, EXE文件等 } IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;
Characteristics属性位的含义
扩展PE头结构
typedef struct _IMAGE_OPTIONAL_HEADER { WORD Magic; 魔术字,说明文件的类型 10bH表示32位的PE文件 20bH表示64位的PE文件 107H表示ROM映像 BYTE MajorLinkerVersion; BYTE MinorLinkerVersion; DWORD SizeOfCode; DWORD SizeOfInitializedData; DWORD SizeOfUninitializedData; DWORD AddressOfEntryPoint; DWORD BaseOfCode; DWORD BaseOfData; DWORD ImageBase; DWORD SectionAlignment; DWORD FileAlignment; WORD MajorOperatingSystemVersion; WORD MinorOperatingSystemVersion; WORD MajorImageVersion; WORD MinorImageVersion; WORD MajorSubsystemVersion; WORD MinorSubsystemVersion; DWORD Win32VersionValue; DWORD SizeOfImage; DWORD SizeOfHeaders; DWORD CheckSum; WORD Subsystem; WORD DllCharacteristics; DWORD SizeOfStackReserve; DWORD SizeOfStackCommit; DWORD SizeOfHeapReserve; DWORD SizeOfHeapCommit; DWORD LoaderFlags; DWORD NumberOfRvaAndSizes; IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; } IMAGE_OPTIONAL_HEADER, *PIMAGE_OPTIONAL_HEADER;