Each data directory gives the address and size of a table or string used by Windows NT. These are all loaded into memory so that they can be used by the system at run time. A data directory is an eight-byte field that has the following declaration:
typedef struct _IMAGE_DATA_DIRECTORY {
DWORD RVA;
DWORD Size;
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;The first field, RVA, is the relative virtual address of the table. The RVA is the address of the table, when loaded, relative to the base address of the image. The second field gives the size in bytes. The data directories, which form the last part of the Optional Header, are listed below.
Note that the number of directories is not fixed. The NumberOfRvaAndSizes field in the optional header should be checked before looking for a specific directory.
Do not assume that the RVAs given in this table point to the beginning of a section or that the sections containing specific tables have specific names.
| Offset | Size | Field | Description |
| 96 | 8 | Export Table | Export Table address and size. |
| 104 | 8 | Import Table | Import Table address and size |
| 112 | 8 | Resource Table | Resource Table address and size. |
| 120 | 8 | Exception Table | Exception Table address and size. |
| 128 | 8 | Certificate Table | Attribute Certificate Table address and size. |
| 136 | 8 | Base Relocation Table | Base Relocation Table address and size. |
| 144 | 8 | Debug | Debug data starting address and size. |
| 152 | 8 | Architecture | Architecture-specific data address and size. |
| 160 | 8 | Global Ptr | Relative virtual address of the global pointer register. Size member of this structure is set to 0. |
| 168 | 8 | TLS Table | Thread Local Storage (TLS) Table address and size. |
| 176 | 8 | Load Config Table | Load Configuration Table address and size. |
| 184 | 8 | Bound Import | Bound Import Table address and size. |
| 192 | 8 | IAT | Import Address Table address and size. |
| 200 | 8 | Delay Import Descriptor | Address and size of the Delay Import Descriptor. |
| 208 | 16 | Reserved | |
The Certificate Table entry points to a table of attribute certificates. These certificates are not loaded into memory as part of the image. As such, the first field of this entry, which is normally an RVA, is a File Pointer instead.