The IAT (Import Address Table)

The Import Address Table stores information about the loaded modules imported by the current running processs.

The IAT is important during reverse engineering process to identify functions been used by the application and therefore understand better the application functionality and capabilities, its possible to understand the application behaviour by reviewing the IAT and looking for functions commonly used by malware.

Exploit developer perspective the IAT is important to identiy weak/vulnerable functions used by the application, after idenfiying the vulnerable function the exploit developer will attempt to reach the vulnerable function by manipulating the network packet or file format.

Below is an example of dependecy walker loaded with notepad.exe. We can see functions and modules used by notepad.exe We can see the notepad.exe uses kernel32 module and kernelbase as well and multiple functions from these modules.

Thank you for reading.