Reputation: 429
Why does a loaded PE binary need IAT?
I am just trying to get an idea of binary formats, and while learning about PE format, I found that it has an IAT for looking up where the imported functions are available in the memory.
I do not understand why would the loader have this additional level of indirection. Since the loaded already knows where the imported function is loaded in memory, why does it not just reference that in the assembly rather than populating the IAT and then during program execution first accessing the IAT and then finding the address from there.
I am not sure whether my understanding about this is correct or not. Could someone please shed some light on this.
Upvotes: 2
Views: 962
Answers (1)
Reputation: 942267
The loader modifies the IAT when the DLL is loaded, filling it with the actual address of the imported functions. The code in the DLL makes an indirect call through the IAT entry. Avoids having to patch the code (i.e. modifying the assembly), that kind of patching prevents code sharing.
A decent web page that shows the plumbing is here.
Upvotes: 3
Related Questions
- I am confused about PE file relocations
- PE format, what is the use for IAT Directory
- PE Loading: What to do with resource section?
- PE Format: Why the IAT can be empty, and a MS detours myth
- Why is the PE format position dependent?
- PE file - what's missing?
- PE Format - IAT Questions
- When does the PE file format IAT function addresses get set
- About the code section of PE format
- About the entry point of PE in Windows