
Why does a loaded PE binary need IAT?


I am just trying to get an idea of binary formats, and while learning about PE format, I found that it has an IAT for looking up where the imported functions are available in the memory.

I do not understand why the loader would have this additional level of indirection. Since the loader already knows where the imported function is loaded in memory, why does it not just reference that in the assembly rather than populating the IAT and then, during program execution, first accessing the IAT and then finding the address from there?

I am not sure whether my understanding about this is correct or not. Could someone please shed some light on this?


Solution

  • The loader modifies the IAT when the DLL is loaded, filling it with the actual address of the imported functions. The code in the DLL makes an indirect call through the IAT entry. This avoids having to patch the code (i.e. modifying the assembly); that kind of patching prevents code sharing.

    A decent web page that shows the plumbing is here.
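
The code-sharing point in the answer above, as an added example that is not part of the original answer: it simulates two processes that map the same image while the imported function resolves to different addresses, once with calls going through an IAT slot and once with the loader patching the address into every call site. The instruction encodings are real x86-64, but the image layout, function names and addresses are constructed for illustration.

```python
import struct

CALL_SITES = 3      # constructed: how many places the code calls the import
IAT_OFFSET = 0x1000 # constructed layout: IAT lives on its own data page

def build_iat_code():
    """Each call site is FF 15 rel32: call qword ptr [rip+rel32] -> IAT slot."""
    code = bytearray()
    for _ in range(CALL_SITES):
        next_ip = len(code) + 6              # RIP after this 6-byte instruction
        code += b"\xFF\x15" + struct.pack("<i", IAT_OFFSET - next_ip)
    return code

def load_with_iat(func_addr):
    """Loader leaves the code page untouched and writes one 8-byte IAT slot."""
    code, iat = build_iat_code(), bytearray(8)
    struct.pack_into("<Q", iat, 0, func_addr)
    return bytes(code), bytes(iat), 1        # (code page, IAT page, writes)

def load_with_patching(func_addr):
    """Hypothetical loader without an IAT: the target is embedded per call site
    as 48 B8 imm64 (mov rax, imm64) + FF D0 (call rax), so each site is patched."""
    code, writes = bytearray(), 0
    for _ in range(CALL_SITES):
        code += b"\x48\xB8" + struct.pack("<Q", func_addr) + b"\xFF\xD0"
        writes += 1
    return bytes(code), writes

def compare(addr_a, addr_b):
    """Load the same image in two processes with different import addresses."""
    code_a, iat_a, iat_writes = load_with_iat(addr_a)
    code_b, iat_b, _ = load_with_iat(addr_b)
    patched_a, patch_writes = load_with_patching(addr_a)
    patched_b, _ = load_with_patching(addr_b)
    return {
        "iat_code_identical": code_a == code_b,        # page can be shared
        "iat_slots_differ": iat_a != iat_b,            # only data differs
        "patched_code_identical": patched_a == patched_b,
        "iat_writes": iat_writes,
        "patch_writes": patch_writes,
    }

if __name__ == "__main__":
    # Constructed addresses: same export, DLL mapped at two different bases.
    for key, value in compare(0x7FFA1235A2B0, 0x7FFB5556A2B0).items():
        print(f"{key}: {value}")
```

With the IAT, the loader's writes are confined to one data slot per import regardless of how many call sites exist, and the code bytes are the same in both processes, so the code pages can stay read-only and be backed by the same physical memory.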