PE Header是PE相關結構NT映像頭IMAGE_NT_HEADER的簡稱PE頭文件開始是一個字符串PE00(50 45 00 00) 由MS_DOS頭部的e_1fanew字段指向IMAGE_NT_HEADERS STRUCT{+00H		DWORD				Signature+04H		IMAGE_FILE_HEADER		FileHeader+18H		IMAGE_OPTIONAL_HEADER32 	OptionalHeader}IMAGE_NT_HEADERS ENDSSignature字段：一個有效的PE文件Signature字段被設置為00004550H,ASCII=PE00,標志	著PE文件頭的開始IMAGE_FILE_HEADER STRUCT結構主要字段如下typedef struct_IMAGE_FILE_HEADER{+04H		WORD    Machine;           //運行平臺+06H		WORD    NumberOfSections; //文件的區塊數目+08H		DWORD   TimeDateStamp;    //文件創建日期和事件+0CH		DWORD   PointerToSymbolTable; //只想符號表（主要用于調試）+10H		DWORD   NumberOfSymbols;      //符號表中的符號個數（同上）+14H		WORD    SizeOfOptionalHeader;  //IMAGE_OPTIONAL_HEADER32結構大小+16H		WORD    Characteristics;      //文件屬性}IMAGE_FILE_HEADER,*PIMAGE_FILE_HEADER;IMAGE_OPTIONAL_HEADER32結構主要字段如下typedef struct_IMAGE_OPTIONAL_HEADER{+28H	DWORD   AddressOfEntryPoint;     // 程序執行入口RVA+34H	DWORD   ImageBase;               // 程序的首選裝載地址+38H	DWORD   SectionAlignment;        // 內存中的區塊的對齊大小+3CH	DWORD   FileAlignment;           // 文件中的區塊的對齊大小+5CH	WORD    Subsystem;               // 可執行文件期望的子系統+78H	IMAGE_DATA_DIRECTORY                                               		                               DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]}IMAGE_OPTIONAL_HEADER32,*PIMAGE_OPTION_HEADER32IMAGE_DATA_DIRECTORY STRUCT{VirtualAddress DWORD ?	;相對虛擬地址isize	  DWORD ?	;大小
}IMAGE_DATA_DIRECTORY ENDS