Access to IMAGE_OPTIONAL_HEADER

AFP edited this page Jun 16, 2022 · 1 revision

How to Access the IMAGE_OPTIONAL_HEADER structure

After initializing the PE class, you can access the IMAGE_OPTIONAL_HEADER structure by calling the GetImageOptionalHeader() method. This call returns an object of the ImageOptionalHeader class, through which you can retrieve the IMAGE_OPTIONAL_HEADER fields or modify them.

Note: Every field in the ImageOptionalHeader class has two overloaded methods. The first overload is a getter that retrieves the field, and the second overload is a setter that modifies it.

#include <iostream>
#include <POEX.h> // include POEX header

int main()
{
    auto pe = POEX::PE(L"1.exe");

    // Access the Image NT Header
    auto nt = pe.GetImageNtHeader();

    // Access the Image Optional Header through the NT Header
    auto oh = nt.OptionalHeader();
    
    // Read the 'Subsystem' field and print it to the console as a string
    std::cout << "Subsystem Type: " << oh.ToString(oh.Subsystem()) << std::endl;

    // Change the value of the 'Subsystem' field
    oh.Subsystem(SubsystemType::WindowsGui);

    // Print the 'Subsystem' field again to see the change
    std::cout << "Subsystem Type: " << oh.ToString(oh.Subsystem()) << std::endl;

    return 0;
}

To access the Optional Header, you first need to access the NT Header and then get the Optional Header from it. To simplify working with the Magic, Subsystem and DllCharacteristics fields, you can use the FileType, SubsystemType and DllCharacteristicsType enums.
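For reference, the following added example (not POEX code, and not using the POEX API) shows where the Magic, Subsystem and DllCharacteristics fields sit in the raw file, reading them with bounds checks and listing which exploit-mitigation flags are missing from DllCharacteristics. All names in it (`OptHdrInfo`, `parseOptionalHeader`, `missingMitigations`, `makeSample`) are this example's own, and the input is a constructed header-only buffer.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

struct OptHdrInfo { bool pe32plus; uint16_t subsystem, dllChars; uint64_t imageBase; };

// Bounds-checked read; assumes a little-endian host (PE fields are little-endian).
template <typename T>
static bool rd(const std::vector<uint8_t>& b, size_t off, T& out) {
    if (off > b.size() || b.size() - off < sizeof(T)) return false;
    std::memcpy(&out, b.data() + off, sizeof(T));
    return true;
}

// Fills `r` from the optional header; returns false on any malformed or truncated input.
bool parseOptionalHeader(const std::vector<uint8_t>& img, OptHdrInfo& r) {
    uint16_t mz = 0, magic = 0, optSize = 0;
    uint32_t lfanew = 0, sig = 0, base32 = 0;
    if (!rd(img, 0, mz) || mz != 0x5A4D) return false;                 // "MZ"
    if (!rd(img, 0x3C, lfanew) || !rd(img, lfanew, sig) || sig != 0x4550) return false; // "PE\0\0"
    const size_t oh = size_t(lfanew) + 4 + 20;   // skip signature + IMAGE_FILE_HEADER
    if (!rd(img, oh - 4, optSize) || optSize < 72 || !rd(img, oh, magic)) return false;
    if (magic != 0x10B && magic != 0x20B) return false;                // PE32 / PE32+
    r.pe32plus = (magic == 0x20B);
    // PE32+ has no BaseOfData and an 8-byte ImageBase, so later field offsets coincide.
    if (r.pe32plus) { if (!rd(img, oh + 24, r.imageBase)) return false; }
    else { if (!rd(img, oh + 28, base32)) return false; r.imageBase = base32; }
    return rd(img, oh + 68, r.subsystem) && rd(img, oh + 70, r.dllChars);
}

// Names of exploit-mitigation flags that are NOT set in DllCharacteristics.
std::vector<std::string> missingMitigations(const OptHdrInfo& h) {
    std::vector<std::string> out;
    if (!(h.dllChars & 0x0040)) out.push_back("DYNAMIC_BASE");   // ASLR
    if (!(h.dllChars & 0x0100)) out.push_back("NX_COMPAT");      // DEP
    if (!(h.dllChars & 0x4000)) out.push_back("GUARD_CF");       // Control Flow Guard
    if (h.pe32plus && !(h.dllChars & 0x0020)) out.push_back("HIGH_ENTROPY_VA");
    return out;
}

// Constructed sample: a header-only buffer for the demo, not a loadable executable.
std::vector<uint8_t> makeSample(uint16_t magic, uint16_t subsystem, uint16_t dllChars) {
    std::vector<uint8_t> b(0x40 + 24 + 72, 0);
    auto put16 = [&b](size_t o, uint16_t v) { std::memcpy(&b[o], &v, 2); };
    put16(0, 0x5A4D); b[0x3C] = 0x40; b[0x40] = 'P'; b[0x41] = 'E';   // MZ, e_lfanew, PE sig
    put16(0x40 + 20, 72);                                             // SizeOfOptionalHeader
    put16(0x58, magic); put16(0x58 + 68, subsystem); put16(0x58 + 70, dllChars);
    return b;
}
```

Calling `parseOptionalHeader(makeSample(0x20B, 3, 0x0140), info)` yields a PE32+ console image with ASLR and DEP set, for which `missingMitigations` reports `GUARD_CF` and `HIGH_ENTROPY_VA`.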

List of all available methods in the ImageOptionalHeader class

auto ToString(SubsystemType subsystem)->std::string;
auto ToString(FileType filetype)->std::string;
auto ToString(DllCharacteristicsType dllCharacteristicsType)->std::string;

auto DataDirectory()->std::vector<std::unique_ptr<ImageDataDirectory>>;

auto Magic() const->FileType;
auto Magic(const FileType& fileType)->void;

auto MajorLinkerVersion() const->byte;
auto MajorLinkerVersion(const byte& mlVersion);

auto MinorLinkerVersion() const->byte;
auto MinorLinkerVersion(const byte& mlVersion);

auto SizeOfCode() const->unsigned int;
auto SizeOfCode(const unsigned int& sizeOfCode)-> void;

auto SizeOfInitializedData() const->unsigned int;
auto SizeOfInitializedData(const unsigned int& sizeOfInitializedData)->void;

auto SizeOfUninitializedData() const->unsigned int;
auto SizeOfUninitializedData(const unsigned int& sizeOfUninitializedData)->void;

auto AddressOfEntryPoint() const->unsigned int;
auto AddressOfEntryPoint(const unsigned int& addressOfEntryPoint)->void;

auto BaseOfCode() const->unsigned int;
auto BaseOfCode(const unsigned int& baseOfCode)->void;

auto BaseOfData() const->unsigned int;
auto BaseOfData(const unsigned int& baseOfData)->void;

auto ImageBase() const ->unsigned long;
auto ImageBase(const unsigned long& imageBase)->void;

auto SectionAlignment() const->unsigned int;
auto SectionAlignment(const unsigned int& sectionAlignment)->void;

auto FileAlignment() const->unsigned int;
auto FileAlignment(const unsigned int& fileAlignment)->void;

auto MajorOperatingSystemVersion() const->unsigned short;
auto MajorOperatingSystemVersion(const unsigned short& majorOperatingSystemVersion)->void;

auto MinorOperatingSystemVersion() const->unsigned short;
auto MinorOperatingSystemVersion(const unsigned short& minorOperatingSystemVersion)->void;

auto MajorImageVersion() const->unsigned short;
auto MajorImageVersion(const unsigned short& majorImageVersion)->void;

auto MinorImageVersion() const->unsigned short;
auto MinorImageVersion(const unsigned short& minorImageVersion)->void;

auto MajorSubsystemVersion() const->unsigned short;
auto MajorSubsystemVersion(const unsigned short& majorSubsystemVersion)->void;

auto MinorSubsystemVersion() const->unsigned short;
auto MinorSubsystemVersion(const unsigned short& minorSubsystemVersion)->void;

auto Win32VersionValue() const->unsigned int;
auto Win32VersionValue(const unsigned int& win32VersionValue = 0)->void;

auto SizeOfImage() const->unsigned int;
auto SizeOfImage(const unsigned int& sizeOfImage)->void;

auto SizeOfHeaders() const->unsigned int;
auto SizeOfHeaders(const unsigned int& sizeOfHeaders)->void;

auto CheckSum() const->unsigned int;
auto CheckSum(const unsigned int& checkSum)->void;

auto Subsystem() const->SubsystemType;
auto Subsystem(const SubsystemType& systemType)->void;

auto DllCharacteristics() const->DllCharacteristicsType;
auto DllCharacteristics(const DllCharacteristicsType& dllCharacteristicsType)->void;

auto SizeOfStackReserve() const->unsigned long;
auto SizeOfStackReserve(const unsigned long& sizeOfStackReserve)->void;

auto SizeOfStackCommit() const->unsigned long;
auto SizeOfStackCommit(const unsigned long& sizeOfStackCommit)->void;

auto SizeOfHeapReserve() const->unsigned long;
auto SizeOfHeapReserve(const unsigned long& sizeOfHeapReserve)->void;

auto SizeOfHeapCommit() const->unsigned long;
auto SizeOfHeapCommit(const unsigned long& sizeOfHeapCommit)->void;

auto LoaderFlags() const->unsigned int;
auto LoaderFlags(const unsigned int& loaderFlags)->void;

auto NumberOfRvaAndSizes() const->unsigned int;
auto NumberOfRvaAndSizes(const unsigned int& numberOfRvaAndSizes)->void;