The Optional Header display shows the contents of the PE file Optional Header.
This is the magic number stored in the PE file to identify the file type.
Valid values are:
•0x010B 32 bit
•0x020B 64 bit
This is the version of the linker used to build the image.
The description field indicates which version of Visual Studio may have been used to build this file.
If Visual Studio 2012 is set to build using Visual Studio 2010 libraries this field will indicate Visual Studio 2010.
If a different compiler/linker is used (Embarcadero, Delphi, MingW) the description field will be incorrect.
Size of code
Size of the executable code in the PE file.
Size of initialised data
Size of the initialised data in the PE file.
Size of uninitialised data
Size of the uninitialised data in the PE file.
Entry point RVA
The relative virtual address of the entry point to the executable. This is an offset from the start of the PE file.
This is DllMain for a DLL, or the start of the program for an EXE.
Base of code
This is the relative virtual address of the start of the code in the PE file.
Base of data
This is the relative virtual address of the start of the data in the PE file.
Sections are aligned at boundaries that are a multiple of this value after the PE file is mapped into memory.
Sections are aligned at boundaries that are a multiple of this value before the PE file is mapped into memory.
The minimum version of the Windows operating system that this software can execute.
A user definable version number.
The windows subsystem version number.
The Win32 version number
Size of image
The size of the parts of the PE file that the DLL loader needs to be concerned with.
Size of headers
The size of the PE header and the section (object) table.
The Windows subsystem.
Valid values are:
•Windows Character UI
•OS2 Character UI
•Posix Character UI
•Windows 95/98 Driver
•Windows CE GUI
•EFI Boot Service Driver
•EFI Runtime Driver
•Windows Boot Application
These are characteristics that affect how the PE file is treated. This is a bitmask. Many values can apply at the same time.
Valid characteristics are:
•Call when DLL is first loaded into a process's address space
•Call when a thread terminates
•Call when a thread starts up
•Call when DLL exits
•Fixed load address
•Force code integrity check
•Data execution prevention compatible
•Do not bind
•Terminal server aware
This is the amount of memory reserved for the first thread's stack.
This is the amount of memory committed for the first thread's stack.
This is the amount of memory reserved for the process heap.
This is the amount of memory committed for the process heap.
The Loader flags value is obsolete. This value is normally set to 0.
Known values appear to be related to debugging support.
1. Invoke a breakpoint instruction before starting the process
2. Invoke a debugger on the process after it's been loaded