The Optional Header display shows the contents of the PE file Optional Header.
Magic Number
This is the magic number stored in the PE file to identify the file type.
Valid values are:
•0x0107 ROM
•0x010B 32 bit
•0x020B 64 bit
Linker Version
This is the version of the linker used to build the image.
The description field indicates which version of Visual Studio may have been used to build this file.
If Visual Studio 2012 is set to build using Visual Studio 2010 libraries this field will indicate Visual Studio 2010.
If a different compiler/linker is used (Embarcadero, Delphi, MingW) the description field will be incorrect.
Size of code
Size of the executable code in the PE file.
Size of initialised data
Size of the initialised data in the PE file.
Size of uninitialised data
Size of the uninitialised data in the PE file.
Entry point RVA
The relative virtual address of the entry point to the executable. This is an offset from the start of the PE file.
This is DllMain for a DLL, or the start of the program for an EXE.
Base of code
This is the relative virtual address of the start of the code in the PE file.
Base of data
This is the relative virtual address of the start of the data in the PE file.
Section alignment
Sections are aligned at boundaries that are a multiple of this value after the PE file is mapped into memory.
File alignment
Sections are aligned at boundaries that are a multiple of this value before the PE file is mapped into memory.
O.S. version
The minimum version of the Windows operating system that this software can execute.
Image version
A user definable version number.
Subsystem version
The windows subsystem version number.
Win32 version
The Win32 version number
Size of image
The size of the parts of the PE file that the DLL loader needs to be concerned with.
Size of headers
The size of the PE header and the section (object) table.
Subsystem
The Windows subsystem.
Valid values are:
•Unknown
•Native
•Windows GUI
•Windows Character UI
•OS2 Character UI
•Posix Character UI
•Windows 95/98 Driver
•Windows CE GUI
•EFI Application
•EFI Boot Service Driver
•EFI Runtime Driver
•EFI ROM
•XBox
•Windows Boot Application
Characteristics
These are characteristics that affect how the PE file is treated. This is a bitmask. Many values can apply at the same time.
Valid characteristics are:
•Call when DLL is first loaded into a process's address space
•Call when a thread terminates
•Call when a thread starts up
•Call when DLL exits
•Unknown(0x0010)
•Unknown(0x0020)
•Relocatable
•Fixed load address
•Force code integrity check
•Data execution prevention compatible
•No isolation
•No SEH
•Do not bind
•WDM driver
•Reserved(0x4000)
•Terminal server aware
Stack reserve
This is the amount of memory reserved for the first thread's stack.
Stack commit
This is the amount of memory committed for the first thread's stack.
Heap reserve
This is the amount of memory reserved for the process heap.
Heap commit
This is the amount of memory committed for the process heap.
Loader flags
The Loader flags value is obsolete. This value is normally set to 0.
Known values appear to be related to debugging support.
1. Invoke a breakpoint instruction before starting the process
2. Invoke a debugger on the process after it's been loaded
