stylebad.blogg.se - Pestudio 8.

Let’s now take a look at the optional header, which contains the following elements: This is useful, because we don’t actually have to know the exact address of that member in memory, but only the offset within the current executable/library.

IMAGE_FILE_UP_SYSTEM_ONLY: set if the file is not designed to run on multiprocessor systemsĪll of the above members and also all the other members of the PE header can be found by using the RVA, which is a relative virtual address.

IMAGE_FILE_DLL: set if the file is a DLL, otherwise it’s an EXE.

IMAGE_FILE_SYSTEM: set if the file is a system file such as a driver.

IMAGE_FILE_NET_RUN_FROM_SWAP: set if application may not run from the network (in this case, the OS is advised to copy the file to the swapfile and execute it from there).

IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP: set if application may not run from a removable medium such as floppy of a CD Rom (in this case, the OS is advised to copy the file to the swapfile and execute it from there).IMAGE_FILE_DEBUG_STRIPPED: set if there is no debugging information.IMAGE_FILE_32BIT_MACHINE: set if the machine is expected to be a 32 bit machine.IMAGE_FILE_BYTES_REVERSED_LO and IMAGE_FILE_BYTES_REVERSED_HI: set if the endianess of the file is not what the machine would expect and must swap bytes before reading.IMAGE_FILE_AGGRESIVE_WS_TRIM: set of the OS is supposed to trim the working set of the running process (the amount of memory the process uses) aggressively by paging it out.IMAGE_FILE_LOCAL_SYMS_STRIPPED: set if there is no information about local symbols in the file – not used for executable files.IMAGE_FILE_LINE_NUMS_STRIPPED: set if the line number information is stripped – not used for executable files.IMAGE_FILE_EXECUTABLE_IMAGE: set if file is an executable (it is not an object of a library).

IMAGE_FILE_RELOCS_STRIPPED: set if there is no relocation information in the file (in sections themselves).