I am learning fasm in a Windows XP environment. While reading some fasm source code, I found the invoke macro:
invoke MessageBox,0,[_strbuf],_msgcap,MB_ICONINFORMATION+MB_OK
and the import macro:
import user,\
MessageBox,'MessageBoxA',\
wsprintf,'wsprintfA'
But I couldn't find any hard-coded address of MessageBoxA, nor any loading of user32.dll, in the assembly code. There are only macro definitions which label the string but not an address.
My assumption is this:
1. There is code that loads user32.dll and returns the start address of the loaded DLL => here, let us call the returned address location A.
2. There are pairs of hard-coded address and label (e.g. MessageBoxA = 0x00000000).
3. So the 'call' instruction can call the MessageBoxA label (which will be converted to location A + MessageBoxA offset).
Is my assumption wrong? I wonder how APIs are called.
Read the FASM documentation; it explains how MessageBoxA() is referenced in user32.dll.
Then read the MSDN documentation about how Windows executables actually work. Pay particular attention to the section about PE File Imports, which explains how the addresses of imported DLL functions are resolved at run-time.
In a nutshell, the import statement in FASM is setting up an entry in a lookup table within the compiled EXE file. The OS then fills in that lookup table when the EXE is loaded into memory before its code begins running.
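
The lookup table described in the answer above, written out by hand in fasm without the import and invoke macros. This is an added example, not code from the original posts or from the fasm project. The message strings, the _msgtext label (used in place of the question's [_strbuf]) and the table label names are constructed for illustration.

```asm
format PE GUI 4.0
entry start

MB_OK              = 0
MB_ICONINFORMATION = 40h

section '.text' code readable executable

start:
        ; stdcall sequence equivalent to:
        ;   invoke MessageBox,0,_msgtext,_msgcap,MB_ICONINFORMATION+MB_OK
        push    MB_ICONINFORMATION+MB_OK
        push    _msgcap
        push    _msgtext
        push    0
        call    [MessageBox]      ; indirect call: reads the address stored in the table slot
        push    0
        call    [ExitProcess]

section '.data' data readable writeable

_msgcap  db 'Import demo',0
_msgtext db 'Called through the import table',0

section '.idata' import data readable writeable

        ; import directory: one 5-dword descriptor per DLL, then an all-zero terminator
        ; fields: lookup table RVA (unused here), timestamp, forwarder chain, DLL name RVA, address table RVA
        dd 0,0,0,RVA kernel_name,RVA kernel_table
        dd 0,0,0,RVA user_name,RVA user_table
        dd 0,0,0,0,0

kernel_table:                     ; address table for kernel32, zero-terminated
        ExitProcess dd RVA _ExitProcess
        dd 0
user_table:                       ; address table for user32, zero-terminated
        MessageBox  dd RVA _MessageBoxA   ; on disk: RVA of the name entry; the loader
        dd 0                              ; overwrites it with the function's address

kernel_name db 'KERNEL32.DLL',0
user_name   db 'USER32.DLL',0

_ExitProcess dw 0                 ; hint (ordinal guess), then the exported name
             db 'ExitProcess',0
_MessageBoxA dw 0
             db 'MessageBoxA',0
```

The MessageBox label is a 4-byte slot in the import section, not the function itself, so no address of MessageBoxA and no explicit load of user32.dll ever appears in the program's own code.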