PE Header是PE相关结构NT映像头IMAGE_NT_HEADER的简称PE头文件开始是一个字符串PE00(50 45 00 00) 由MS_DOS头部的e_1fanew字段指向IMAGE_NT_HEADERS STRUCT{+00H		DWORD				Signature+04H		IMAGE_FILE_HEADER		FileHeader+18H		IMAGE_OPTIONAL_HEADER32 	OptionalHeader}IMAGE_NT_HEADERS ENDSSignature字段：一个有效的PE文件Signature字段被设置为00004550H,ASCII=PE00,标志	着PE文件头的开始IMAGE_FILE_HEADER STRUCT结构主要字段如下typedef struct_IMAGE_FILE_HEADER{+04H		WORD    Machine;           //运行平台+06H		WORD    NumberOfSections; //文件的区块数目+08H		DWORD   TimeDateStamp;    //文件创建日期和事件+0CH		DWORD   PointerToSymbolTable; //只想符号表（主要用于调试）+10H		DWORD   NumberOfSymbols;      //符号表中的符号个数（同上）+14H		WORD    SizeOfOptionalHeader;  //IMAGE_OPTIONAL_HEADER32结构大小+16H		WORD    Characteristics;      //文件属性}IMAGE_FILE_HEADER,*PIMAGE_FILE_HEADER;IMAGE_OPTIONAL_HEADER32结构主要字段如下typedef struct_IMAGE_OPTIONAL_HEADER{+28H	DWORD   AddressOfEntryPoint;     // 程序执行入口RVA+34H	DWORD   ImageBase;               // 程序的首选装载地址+38H	DWORD   SectionAlignment;        // 内存中的区块的对齐大小+3CH	DWORD   FileAlignment;           // 文件中的区块的对齐大小+5CH	WORD    Subsystem;               // 可执行文件期望的子系统+78H	IMAGE_DATA_DIRECTORY                                               		                               DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]}IMAGE_OPTIONAL_HEADER32,*PIMAGE_OPTION_HEADER32IMAGE_DATA_DIRECTORY STRUCT{VirtualAddress DWORD ?	;相对虚拟地址isize	  DWORD ?	;大小
}IMAGE_DATA_DIRECTORY ENDS