Vaibhav
Vaibhav

Reputation: 429

Why does a loaded PE binary need IAT?

I am just trying to get an idea of binary formats, and while learning about PE format, I found that it has an IAT for looking up where the imported functions are available in the memory.

I do not understand why would the loader have this additional level of indirection. Since the loaded already knows where the imported function is loaded in memory, why does it not just reference that in the assembly rather than populating the IAT and then during program execution first accessing the IAT and then finding the address from there.

I am not sure whether my understanding about this is correct or not. Could someone please shed some light on this.

Upvotes: 2

Views: 962

Answers (1)

Hans Passant
Hans Passant

Reputation: 942267

The loader modifies the IAT when the DLL is loaded, filling it with the actual address of the imported functions. The code in the DLL makes an indirect call through the IAT entry. Avoids having to patch the code (i.e. modifying the assembly), that kind of patching prevents code sharing.

A decent web page that shows the plumbing is here.

Upvotes: 3

Related Questions