Class: WindowsPEOptionalHeader
"A Windows PE optional header is a grouping of characteristics unique to the 'optionalHeader' of a Windows PE (Portable Executable) file, consisting of a collection of metadata about the executable code structure of the file."
URI: observable:WindowsPEOptionalHeader
classDiagram
class WindowsPEOptionalHeader
UcoInherentCharacterizationThing <|-- WindowsPEOptionalHeader
WindowsPEOptionalHeader : addressOfEntryPoint
WindowsPEOptionalHeader : baseOfCode
WindowsPEOptionalHeader : checksum
WindowsPEOptionalHeader : dllCharacteristics
WindowsPEOptionalHeader : fileAlignment
WindowsPEOptionalHeader : imageBase
WindowsPEOptionalHeader : loaderFlags
WindowsPEOptionalHeader : magic
WindowsPEOptionalHeader : majorImageVersion
WindowsPEOptionalHeader : majorLinkerVersion
WindowsPEOptionalHeader : majorOSVersion
WindowsPEOptionalHeader : majorSubsystemVersion
WindowsPEOptionalHeader : minorImageVersion
WindowsPEOptionalHeader : minorLinkerVersion
WindowsPEOptionalHeader : minorOSVersion
WindowsPEOptionalHeader : minorSubsystemVersion
WindowsPEOptionalHeader : numberOfRVAAndSizes
WindowsPEOptionalHeader : sectionAlignment
WindowsPEOptionalHeader : sizeOfCode
WindowsPEOptionalHeader : sizeOfHeaders
WindowsPEOptionalHeader : sizeOfHeapCommit
WindowsPEOptionalHeader : sizeOfHeapReserve
WindowsPEOptionalHeader : sizeOfImage
WindowsPEOptionalHeader : sizeOfInitializedData
WindowsPEOptionalHeader : sizeOfStackCommit
WindowsPEOptionalHeader : sizeOfStackReserve
WindowsPEOptionalHeader : sizeOfUninitializedData
WindowsPEOptionalHeader : subsystem
WindowsPEOptionalHeader : win32VersionValue
Inheritance
- UcoThing
- UcoInherentCharacterizationThing
- WindowsPEOptionalHeader
- UcoInherentCharacterizationThing
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| majorLinkerVersion | 0..1 ByteType |
"Specifies the linker major version number | direct |
| minorLinkerVersion | 0..1 ByteType |
"Specifies the linker minor version number | direct |
| addressOfEntryPoint | 0..1 UnsignedIntegerType |
"Specifies the address of the entry point relative to the imageBase when the ... | direct |
| baseOfCode | 0..1 UnsignedIntegerType |
"Specifies the address that is relative to the imageBase of the beginning-of-... | direct |
| checksum | 0..1 UnsignedIntegerType |
"Specifies the checksum of the PE binary | direct |
| fileAlignment | 0..1 UnsignedIntegerType |
"Specifies the factor (in bytes) that is used to align the raw data of sectio... | direct |
| imageBase | 0..1 UnsignedIntegerType |
"Specifies the address that is relative to the imageBase of the beginning-of-... | direct |
| loaderFlags | 0..1 UnsignedIntegerType |
"Specifies the reserved loaderFlags" | direct |
| numberOfRVAAndSizes | 0..1 UnsignedIntegerType |
"Specifies the number of data-directory entries in the remainder of the optio... | direct |
| sectionAlignment | 0..1 UnsignedIntegerType |
"Specifies the alignment (in bytes) of PE sections when they are loaded into ... | direct |
| sizeOfCode | 0..1 UnsignedIntegerType |
"Specifies the size of the code (text) section | direct |
| sizeOfHeaders | 0..1 UnsignedIntegerType |
"Specifies the combined size of the MS-DOS, PE header, and section headers, r... | direct |
| sizeOfHeapCommit | 0..1 UnsignedIntegerType |
"Specifies the size of the local heap space to commit | direct |
| sizeOfHeapReserve | 0..1 UnsignedIntegerType |
"Specifies the size of the local heap space to reserve | direct |
| sizeOfImage | 0..1 UnsignedIntegerType |
"Specifies the size, in bytes, of the image, including all headers, as the im... | direct |
| sizeOfInitializedData | 0..1 UnsignedIntegerType |
"Specifies the size of the initialized data section | direct |
| sizeOfStackCommit | 0..1 UnsignedIntegerType |
"Specifies the size of the stack to commit | direct |
| sizeOfStackReserve | 0..1 UnsignedIntegerType |
"Specifies the size of the stack to reserve | direct |
| sizeOfUninitializedData | 0..1 UnsignedIntegerType |
"Specifies the size of the uninitialized data section | direct |
| win32VersionValue | 0..1 UnsignedIntegerType |
"Specifies the reserved win32VersionValue | direct |
| dllCharacteristics | 0..1 UnsignedShortType |
"Specifies the flags that characterize the PE binary | direct |
| magic | 0..1 UnsignedShortType |
"Specifies the value that indicates the type of the PE binary | direct |
| majorImageVersion | 0..1 UnsignedShortType |
"Specifies the major version number of the image | direct |
| majorOSVersion | 0..1 UnsignedShortType |
"Specifies the major version number of the required operating system | direct |
| majorSubsystemVersion | 0..1 UnsignedShortType |
"Specifies the major version number of the subsystem | direct |
| minorImageVersion | 0..1 UnsignedShortType |
"Specifies the minor version number of the image | direct |
| minorOSVersion | 0..1 UnsignedShortType |
"Specifies the minor version number of the required operating system | direct |
| minorSubsystemVersion | 0..1 UnsignedShortType |
"Specifies the minor version number of the subsystem | direct |
| subsystem | 0..1 UnsignedShortType |
"Specifies the subsystem (e | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| WindowsPEBinaryFileFacet | optionalHeader | range | WindowsPEOptionalHeader |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/uco-observable
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | observable:WindowsPEOptionalHeader |
| native | observable:WindowsPEOptionalHeader |
LinkML Source
Direct
name: WindowsPEOptionalHeader
description: '"A Windows PE optional header is a grouping of characteristics unique
to the ''optionalHeader'' of a Windows PE (Portable Executable) file, consisting
of a collection of metadata about the executable code structure of the file."'
in_subset:
- microsoft
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: UcoInherentCharacterizationThing
slots:
- majorLinkerVersion
- minorLinkerVersion
- addressOfEntryPoint
- baseOfCode
- checksum
- fileAlignment
- imageBase
- loaderFlags
- numberOfRVAAndSizes
- sectionAlignment
- sizeOfCode
- sizeOfHeaders
- sizeOfHeapCommit
- sizeOfHeapReserve
- sizeOfImage
- sizeOfInitializedData
- sizeOfStackCommit
- sizeOfStackReserve
- sizeOfUninitializedData
- win32VersionValue
- dllCharacteristics
- magic
- majorImageVersion
- majorOSVersion
- majorSubsystemVersion
- minorImageVersion
- minorOSVersion
- minorSubsystemVersion
- subsystem
slot_usage:
majorLinkerVersion:
name: majorLinkerVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
minorLinkerVersion:
name: minorLinkerVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
addressOfEntryPoint:
name: addressOfEntryPoint
multivalued: true
domain_of:
- WindowsPEOptionalHeader
baseOfCode:
name: baseOfCode
multivalued: true
domain_of:
- WindowsPEOptionalHeader
checksum:
name: checksum
multivalued: true
domain_of:
- WindowsPEOptionalHeader
fileAlignment:
name: fileAlignment
multivalued: true
domain_of:
- WindowsPEOptionalHeader
imageBase:
name: imageBase
multivalued: true
domain_of:
- WindowsPEOptionalHeader
loaderFlags:
name: loaderFlags
multivalued: true
domain_of:
- WindowsPEOptionalHeader
numberOfRVAAndSizes:
name: numberOfRVAAndSizes
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sectionAlignment:
name: sectionAlignment
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfCode:
name: sizeOfCode
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfHeaders:
name: sizeOfHeaders
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfHeapCommit:
name: sizeOfHeapCommit
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfHeapReserve:
name: sizeOfHeapReserve
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfImage:
name: sizeOfImage
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfInitializedData:
name: sizeOfInitializedData
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfStackCommit:
name: sizeOfStackCommit
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfStackReserve:
name: sizeOfStackReserve
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfUninitializedData:
name: sizeOfUninitializedData
multivalued: true
domain_of:
- WindowsPEOptionalHeader
win32VersionValue:
name: win32VersionValue
multivalued: true
domain_of:
- WindowsPEOptionalHeader
dllCharacteristics:
name: dllCharacteristics
multivalued: true
domain_of:
- WindowsPEOptionalHeader
magic:
name: magic
multivalued: true
domain_of:
- WindowsPEOptionalHeader
majorImageVersion:
name: majorImageVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
majorOSVersion:
name: majorOSVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
majorSubsystemVersion:
name: majorSubsystemVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
minorImageVersion:
name: minorImageVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
minorOSVersion:
name: minorOSVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
minorSubsystemVersion:
name: minorSubsystemVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
subsystem:
name: subsystem
multivalued: true
domain_of:
- WindowsPEOptionalHeader
Induced
name: WindowsPEOptionalHeader
description: '"A Windows PE optional header is a grouping of characteristics unique
to the ''optionalHeader'' of a Windows PE (Portable Executable) file, consisting
of a collection of metadata about the executable code structure of the file."'
in_subset:
- microsoft
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
is_a: UcoInherentCharacterizationThing
slot_usage:
majorLinkerVersion:
name: majorLinkerVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
minorLinkerVersion:
name: minorLinkerVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
addressOfEntryPoint:
name: addressOfEntryPoint
multivalued: true
domain_of:
- WindowsPEOptionalHeader
baseOfCode:
name: baseOfCode
multivalued: true
domain_of:
- WindowsPEOptionalHeader
checksum:
name: checksum
multivalued: true
domain_of:
- WindowsPEOptionalHeader
fileAlignment:
name: fileAlignment
multivalued: true
domain_of:
- WindowsPEOptionalHeader
imageBase:
name: imageBase
multivalued: true
domain_of:
- WindowsPEOptionalHeader
loaderFlags:
name: loaderFlags
multivalued: true
domain_of:
- WindowsPEOptionalHeader
numberOfRVAAndSizes:
name: numberOfRVAAndSizes
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sectionAlignment:
name: sectionAlignment
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfCode:
name: sizeOfCode
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfHeaders:
name: sizeOfHeaders
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfHeapCommit:
name: sizeOfHeapCommit
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfHeapReserve:
name: sizeOfHeapReserve
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfImage:
name: sizeOfImage
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfInitializedData:
name: sizeOfInitializedData
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfStackCommit:
name: sizeOfStackCommit
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfStackReserve:
name: sizeOfStackReserve
multivalued: true
domain_of:
- WindowsPEOptionalHeader
sizeOfUninitializedData:
name: sizeOfUninitializedData
multivalued: true
domain_of:
- WindowsPEOptionalHeader
win32VersionValue:
name: win32VersionValue
multivalued: true
domain_of:
- WindowsPEOptionalHeader
dllCharacteristics:
name: dllCharacteristics
multivalued: true
domain_of:
- WindowsPEOptionalHeader
magic:
name: magic
multivalued: true
domain_of:
- WindowsPEOptionalHeader
majorImageVersion:
name: majorImageVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
majorOSVersion:
name: majorOSVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
majorSubsystemVersion:
name: majorSubsystemVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
minorImageVersion:
name: minorImageVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
minorOSVersion:
name: minorOSVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
minorSubsystemVersion:
name: minorSubsystemVersion
multivalued: true
domain_of:
- WindowsPEOptionalHeader
subsystem:
name: subsystem
multivalued: true
domain_of:
- WindowsPEOptionalHeader
attributes:
majorLinkerVersion:
name: majorLinkerVersion
description: '"Specifies the linker major version number."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: majorLinkerVersion
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: byte type
minorLinkerVersion:
name: minorLinkerVersion
description: '"Specifies the linker minor version number."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: minorLinkerVersion
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: byte type
addressOfEntryPoint:
name: addressOfEntryPoint
description: '"Specifies the address of the entry point relative to the imageBase
when the executable is loaded into memory."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: addressOfEntryPoint
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
baseOfCode:
name: baseOfCode
description: '"Specifies the address that is relative to the imageBase of the
beginning-of-code section when it is loaded into memory."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: baseOfCode
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
checksum:
name: checksum
description: '"Specifies the checksum of the PE binary."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: checksum
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
fileAlignment:
name: fileAlignment
description: '"Specifies the factor (in bytes) that is used to align the raw data
of sections in the image file."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: fileAlignment
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
imageBase:
name: imageBase
description: '"Specifies the address that is relative to the imageBase of the
beginning-of-data section when it is loaded into memory."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: imageBase
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
loaderFlags:
name: loaderFlags
description: '"Specifies the reserved loaderFlags"'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: loaderFlags
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
numberOfRVAAndSizes:
name: numberOfRVAAndSizes
description: '"Specifies the number of data-directory entries in the remainder
of the optionalHeader."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: numberOfRVAAndSizes
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sectionAlignment:
name: sectionAlignment
description: '"Specifies the alignment (in bytes) of PE sections when they are
loaded into memory."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sectionAlignment
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sizeOfCode:
name: sizeOfCode
description: '"Specifies the size of the code (text) section. If there are multiple
such sections, this refers to the sum of the sizes of each section."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sizeOfCode
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sizeOfHeaders:
name: sizeOfHeaders
description: '"Specifies the combined size of the MS-DOS, PE header, and section
headers, rounded up a multiple of the value specified in the file_alignment
header."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sizeOfHeaders
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sizeOfHeapCommit:
name: sizeOfHeapCommit
description: '"Specifies the size of the local heap space to commit."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sizeOfHeapCommit
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sizeOfHeapReserve:
name: sizeOfHeapReserve
description: '"Specifies the size of the local heap space to reserve."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sizeOfHeapReserve
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sizeOfImage:
name: sizeOfImage
description: '"Specifies the size, in bytes, of the image, including all headers,
as the image is loaded in memory."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sizeOfImage
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sizeOfInitializedData:
name: sizeOfInitializedData
description: '"Specifies the size of the initialized data section. If there are
multiple such sections, this refers to the sum of the sizes of each section."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sizeOfInitializedData
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sizeOfStackCommit:
name: sizeOfStackCommit
description: '"Specifies the size of the stack to commit."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sizeOfStackCommit
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sizeOfStackReserve:
name: sizeOfStackReserve
description: '"Specifies the size of the stack to reserve."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sizeOfStackReserve
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
sizeOfUninitializedData:
name: sizeOfUninitializedData
description: '"Specifies the size of the uninitialized data section. If there
are multiple such sections, this refers to the sum of the sizes of each section."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: sizeOfUninitializedData
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
win32VersionValue:
name: win32VersionValue
description: '"Specifies the reserved win32VersionValue."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: win32VersionValue
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned integer type
dllCharacteristics:
name: dllCharacteristics
description: '"Specifies the flags that characterize the PE binary."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: dllCharacteristics
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned short type
magic:
name: magic
description: '"Specifies the value that indicates the type of the PE binary."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: magic
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned short type
majorImageVersion:
name: majorImageVersion
description: '"Specifies the major version number of the image."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: majorImageVersion
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned short type
majorOSVersion:
name: majorOSVersion
description: '"Specifies the major version number of the required operating system."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: majorOSVersion
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned short type
majorSubsystemVersion:
name: majorSubsystemVersion
description: '"Specifies the major version number of the subsystem."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: majorSubsystemVersion
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned short type
minorImageVersion:
name: minorImageVersion
description: '"Specifies the minor version number of the image."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: minorImageVersion
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned short type
minorOSVersion:
name: minorOSVersion
description: '"Specifies the minor version number of the required operating system."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: minorOSVersion
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned short type
minorSubsystemVersion:
name: minorSubsystemVersion
description: '"Specifies the minor version number of the subsystem."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: minorSubsystemVersion
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned short type
subsystem:
name: subsystem
description: '"Specifies the subsystem (e.g., GUI, device driver, etc.) that is
required to run this image."'
from_schema: https://w3id.org/lmodel/uco-observable
rank: 1000
multivalued: true
alias: subsystem
owner: WindowsPEOptionalHeader
domain_of:
- WindowsPEOptionalHeader
range: unsigned short type