Reversing : The Hacker's Guide to Reverse Engineering


Imports and Exports


Imports and exports are the mechanisms that enable the dynamic linking process of executables described earlier. Consider an executable that references functions in other executables while it is being compiled and linked. The compiler and linker have no idea of the actual addresses of the imported functions; these addresses become known only at runtime. To solve this problem, the linker creates a special import table that lists all the functions imported by the current module by their names. The import table contains a list of modules that the module uses and the list of functions called within each of those modules.

When the module is loaded, the loader loads every module listed in the import table and looks up the address of each of the functions listed for each module. The addresses are found by going over the exporting module's export table, which contains the names and RVAs of every exported function.

When the importing module needs to call into an imported function, the calling code typically looks like this:


call [SomeAddress]

Here SomeAddress is a pointer into the executable's import address table (IAT). When the module is linked, the IAT is nothing but a list of empty values, but when the module is loaded, the loader resolves each entry in the IAT to point to the actual function in the exporting module. This way, when the calling code is executed, SomeAddress will point to the actual address of the imported function. Figure 3.4 illustrates this process on three executables: ImportingModule.EXE, SomeModule.DLL, and AnotherModule.DLL.
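The resolution step described above, as an added Python example that is not from the book: it looks up each imported name in an exporter's export directory and writes base + RVA into an IAT. It goes slightly beyond the text by using the PE export directory's three tables (names, name ordinals, function RVAs); the function names, load bases, and RVAs are constructed sample values, and the sample image is simplified so that RVA equals buffer offset.

```python
import struct

def build_exports(exports):
    """Constructed sample: a mapped image (RVA == offset) holding only an
    IMAGE_EXPORT_DIRECTORY at RVA 0 plus the three tables it points to."""
    funcs, names = list(exports), sorted(exports)   # name table is sorted
    img = bytearray(40)                             # sizeof(IMAGE_EXPORT_DIRECTORY)
    funcs_rva = len(img)
    img += struct.pack(f"<{len(funcs)}I", *(exports[f] for f in funcs))
    ords_rva = len(img)                             # name index -> function index
    img += struct.pack(f"<{len(names)}H", *(funcs.index(n) for n in names))
    name_rvas = []
    for n in names:
        name_rvas.append(len(img))
        img += n.encode("ascii") + b"\0"
    names_rva = len(img)
    img += struct.pack(f"<{len(names)}I", *name_rvas)
    struct.pack_into("<IIHHIIIIIII", img, 0, 0, 0, 0, 0, 0, 1, len(funcs),
                     len(names), funcs_rva, names_rva, ords_rva)
    return bytes(img)

def export_rva(img, name, dir_rva=0):
    """Walk the export table: name -> name ordinal -> function RVA."""
    n_names, funcs, names, ords = struct.unpack_from("<4I", img, dir_rva + 24)
    for i in range(n_names):
        (name_rva,) = struct.unpack_from("<I", img, names + 4 * i)
        if img[name_rva:img.index(b"\0", name_rva)] == name.encode("ascii"):
            (idx,) = struct.unpack_from("<H", img, ords + 2 * i)
            return struct.unpack_from("<I", img, funcs + 4 * idx)[0]
    raise LookupError(f"export not found: {name}")

def bind_iat(import_table, loaded):
    """Fill the IAT; loaded maps module name -> (load base, image bytes)."""
    iat = {}
    for module, functions in import_table.items():
        base, img = loaded[module]          # KeyError: module missing, load fails
        for fn in functions:
            iat[(module, fn)] = base + export_rva(img, fn)
    return iat

# Constructed data; module names follow the text, everything else is hypothetical.
LOADED = {
    "SomeModule.DLL": (0x10000000, build_exports({"Func2": 0x1200, "Func1": 0x1000})),
    "AnotherModule.DLL": (0x20000000, build_exports({"Helper": 0x2340})),
}
IMPORTS = {"SomeModule.DLL": ["Func1", "Func2"], "AnotherModule.DLL": ["Helper"]}

if __name__ == "__main__":
    for (mod, fn), addr in bind_iat(IMPORTS, LOADED).items():
        print(f"{mod}!{fn} -> {addr:#010x}")
```

An import that names a function the exporter does not provide raises `LookupError`, mirroring a load that fails because an import cannot be resolved.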


Directories


PE executables contain a list of special optional directories, which are essentially additional data structures that executables can contain. Most directories have a special data structure that describes their contents, and none of them is required for an executable to function properly.


Windows Fundamentals 99