可选pe头结构中最后一个属性：_IMAGE_DATA_DIRECTORY DataDirectory[16]；用来表示数据目录  1、我们所了解的PE分为头和节，在每个节中，都包含了我们写的一些代码和数据，但还有一些非常重要                的信息是编译器替我们加到PE文件中的，这些信息可能存在在任何可以利用的地方。                                2、这些信息之所以重要，是因为这些信息包含了诸如：                PE程序的图标在哪里？                用到了哪些系统提供的函数？                为其他的程序提供哪些函数？                                3、编译器添加了这么多信息，那程序是如何找到这些信息的呢？                答案就是：数据目录                                4、数据目录定位：                可选PE头最后一个成员，就是数据目录.一共有16个:                typedef struct _IMAGE_DATA_DIRECTORY {                    DWORD   VirtualAddress;                //内存偏移    DWORD   Size;                //大小} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;                                #define IMAGE_NUMBEROF_DIRECTORY_ENTRIES    16     分别是：导出表、导入表、资源表、异常信息表、安全证书表、重定位表、调试信息表、版权所以表、全局指针表                TLS表、加载配置表、绑定导入表、IAT表、延迟导入表、COM信息表 最后一个保留未使用。              其中的size是参考值，可以修改而不影响程序；                  和程序运行时息息相关的表有：                    导出表                    导入表           35-数据目录         重定位表                    IAT表                  输出数据目录：  #include "stdafx.h"#include "PeTool.h"  #define SRC "C:\\Users\\Administrator\\Desktop\\TraceMe.exe"#define DEST "C:\\Users\\Administrator\\Desktop\\copy1.exe"  void printDataDirectory(){    //定义头结构指针    PIMAGE_DOS_HEADER dosHeader = NULL;        //dos头指针    PIMAGE_FILE_HEADER peHeader = NULL;        //pe头指针    PIMAGE_OPTIONAL_HEADER32 opHeader = NULL;    //可选pe头指针      //1.读取文件到缓冲区    LPVOID pFileBuffer = NULL;    DWORD fileSize = ReadPEFile(SRC, &pFileBuffer);    if(!fileSize){        printf("读取文件失败\n");        return;    }    //2.初始化头指针    dosHeader = (PIMAGE_DOS_HEADER) pFileBuffer;    peHeader = (PIMAGE_FILE_HEADER) ((DWORD)dosHeader dosHeader->e_lfanew 4);    opHeader = (PIMAGE_OPTIONAL_HEADER32) ((DWORD)peHeader IMAGE_SIZEOF_FILE_HEADER);    //3.输出数据目录信息    PIMAGE_DATA_DIRECTORY DataDirectory = opHeader->DataDirectory;    printf("IMAGE_DIRECTORY_ENTRY_EXPORT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size);        printf("IMAGE_DIRECTORY_ENTRY_IMPORT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size);     printf("IMAGE_DIRECTORY_ENTRY_RESOURCE: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].Size);     printf("IMAGE_DIRECTORY_ENTRY_EXCEPTION: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_EXCEPTION].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_EXCEPTION].Size);     printf("IMAGE_DIRECTORY_ENTRY_SECURITY: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY].Size);        printf("IMAGE_DIRECTORY_ENTRY_BASERELOC: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size);     printf("IMAGE_DIRECTORY_ENTRY_DEBUG: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size);     printf("IMAGE_DIRECTORY_ENTRY_ARCHITECTURE: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_ARCHITECTURE].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_ARCHITECTURE].Size);     printf("IMAGE_DIRECTORY_ENTRY_GLOBALPTR: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_GLOBALPTR].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_GLOBALPTR].Size);     printf("IMAGE_DIRECTORY_ENTRY_TLS: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_TLS].Size);     printf("IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].Size);     printf("IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size);     printf("IMAGE_DIRECTORY_ENTRY_IAT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size);     printf("IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT].Size);     printf("IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress,        DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size);} int main(int argc, char* argv[]){    printDataDirectory();    getchar();}结果：      来源：https://www.icode9.com/content-4-523151.html