PE, using the IAT directory

Question

PE, using the IAT directory

In PE format, we have a table import directory (accessed via IMAGE_DIRECTORY_ENTRY_IMPORT) and an IAT directory (accessed via IMAGE_DIRECTORY_ENTRY_IAT) both are part of the additional header data directory.

Using the import table, the loader dynamically loads and enables the necessary libraries and functions. This is done by iterating through the RVA (Thunk Table) import address table, which is part of the import table.

So, if we use the import directory to allow imports, why do we need the IAT Directory?

I read the Microsoft PE specification but could not find the answer. There are also some questions in SO, but most of them use the IAT to access the Thunk table, not the IAT directory.

thanks

EDIT

I think there is some confusion between the Import Address Table, which is a field in the Import Table directory and Import Address Table called the IAT Directory. My question is about the IAT directory.

Thanks again

+4

windows portable-executable

Yuval Dec 18 '13 at 16:35

source share

3 answers

Hans Passant · Answer 1 · 2013-12-18T17:23:58+0000

This is well described in the PE specification you linked, chapter 5.4.4. These are the same tables:

, . 32- ( PE32) 64- ( PE32 +) . , - " ".

, , . PE . - . :

, , . , , , . PE, .
, , . , Notepad.exe , . . DLL, DLL , , ntdll.dll, kernel32.dll user32.dll(etcetera).

IAT , IAT . , . , , - .

Xiao Jia · Answer 2 · 2015-08-25T04:27:16+0000

IMAGE_DIRECTORY_ENTRY_IMPORT IAT, , [IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress [IMAGE_DIRECTORY_ENTRY_IAT].Size.

, , , IMAGE_DIRECTORY_ENTRY_IAT, IAT ( ILT) .

Brian · Answer 3 · 2013-12-18T16:48:44+0000

- PE:

MSDN 2002 : Inside Windows

Win32 Portable, Part 2

PE, using the IAT directory

More articles: