Originally Posted by brewbuck
Without the IAT the executable loader would have to make a huge number of fixups in the code segment. With the IAT, all the loader has to do is pass once through the table and add the true VMA to each entry.
This can reduce the number of fixups by many thousands of times for a complex DLL. And because Windows loads and unloads DLLs like nobody's business, being able to do it quickly is important.
There's another ENORMOUS reason why we do not directly modify the code segment. This would prevent us from being able to share code pages between different instances of the DLL. Essentially, it would completely defeat the purpose of having a DLL, which is to allow the same code to be loaded only ONCE into memory. If two processes load the same DLL at different addresses, then they will have different IATs. That's a much smaller impact than having two complete copies of the DLL in memory at the same time.
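To make the quoted loader pass concrete, here is an added example of my own; it is not code from brewbuck or from anyone else in the thread. It builds a tiny PE32+ image whose only section is an import directory, walks the IMAGE_IMPORT_DESCRIPTOR list and the INT the way the loader does, then "binds" the IAT with exactly one 8-byte write per imported function. It then binds a second copy of the same image as if in a second process where the DLLs landed at different addresses and checks that the two images differ only inside IAT slots, which is the sharing argument in the post. The DLL names, the FAKE_EXPORT_RVA table (standing in for an export-table lookup) and the load addresses are all constructed for illustration; bind_imports is a stand-in for the real loader, and nothing here needs Windows.

```python
"""Minimal PE32+ image with an import directory, walked and bound the way the loader does it.
Added example, not code from the original post: DLL names, export RVAs and load addresses are made up."""
import struct

SECTION_RVA = 0x200  # .idata is the only section and is mapped at its file offset, so RVA == offset
IMPORTS = {"KERNEL32.dll": ["GetProcAddress", "LoadLibraryA"], "USER32.dll": ["MessageBoxA"]}
FAKE_EXPORT_RVA = {"GetProcAddress": 0x1F3E0, "LoadLibraryA": 0x209A0, "MessageBoxA": 0x7B10}  # constructed

def build_pe(imports):
    """Lay out .idata (hint/name strings, INT, IAT, descriptors) and wrap it in PE headers."""
    sec = bytearray()
    def add(blob):  # append to .idata and return the RVA where it landed
        sec.extend(blob)
        return SECTION_RVA + len(sec) - len(blob)
    descriptors = b""
    for dll, names in imports.items():
        name_rvas = []
        for n in names:  # IMAGE_IMPORT_BY_NAME: WORD hint, ASCII name, NUL, padded to 2 bytes
            entry = struct.pack("<H", 0) + n.encode() + b"\0"
            name_rvas.append(add(entry + b"\0" * (len(entry) % 2)))
        dll_rva = add(dll.encode() + b"\0")
        add(bytes(-len(sec) % 8))  # 8-byte align the thunk arrays
        thunks = b"".join(struct.pack("<Q", r) for r in name_rvas) + bytes(8)
        int_rva = add(thunks)  # OriginalFirstThunk (INT): the loader never writes here
        iat_rva = add(thunks)  # FirstThunk (IAT): identical on disk, overwritten at load time
        descriptors += struct.pack("<IIIII", int_rva, 0, 0, dll_rva, iat_rva)
    desc_rva = add(descriptors + bytes(20))  # all-zero descriptor terminates the list
    dirs = [(desc_rva, len(descriptors) + 20) if i == 1 else (0, 0) for i in range(16)]  # [1] = IMPORT
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)  # x64, one section, PE32+ opt hdr
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII", 0x20B, 14, 0, 0, len(sec), 0, 0, SECTION_RVA,
                      0x140000000, 0x200, 0x200, 6, 0, 0, 0, 6, 0, 0, SECTION_RVA + len(sec), 0x200, 0,
                      3, 0x8160, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".idata", len(sec), SECTION_RVA, len(sec), SECTION_RVA,
                       0, 0, 0, 0, 0xC0000040)  # INITIALIZED_DATA | READ | WRITE: the IAT must be writable
    return bytearray((dos + b"PE\0\0" + file_hdr + opt + sect).ljust(SECTION_RVA, b"\0") + sec)

def rva_to_off(img, rva):
    pe = struct.unpack_from("<I", img, 0x3C)[0]
    nsec, opt_size = struct.unpack_from("<H", img, pe + 6)[0], struct.unpack_from("<H", img, pe + 20)[0]
    for i in range(nsec):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", img, pe + 24 + opt_size + 40 * i + 8)
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    return rva  # RVAs below the first section are in the header region, which maps 1:1

def cstr(img, off):
    return img[off:img.index(b"\0", off)].decode()

def walk_imports(img):
    """Return {dll: [(name, RVA of that import's IAT slot), ...]}, reading names from the INT, not the IAT."""
    pe = struct.unpack_from("<I", img, 0x3C)[0]
    assert img[pe:pe + 4] == b"PE\0\0" and struct.unpack_from("<H", img, pe + 24)[0] == 0x20B  # PE32+ only
    dir_rva = struct.unpack_from("<I", img, pe + 24 + 112 + 8 * 1)[0]  # DataDirectory[1].VirtualAddress
    off, result = rva_to_off(img, dir_rva), {}
    while True:
        int_rva, _, _, name_rva, iat_rva = struct.unpack_from("<IIIII", img, off)
        if int_rva == 0 and name_rva == 0 and iat_rva == 0:
            break
        slots, i = [], 0
        while (thunk := struct.unpack_from("<Q", img, rva_to_off(img, int_rva) + 8 * i)[0]) != 0:
            name = f"#{thunk & 0xFFFF}" if thunk >> 63 else cstr(img, rva_to_off(img, thunk) + 2)  # ordinal/name
            slots.append((name, iat_rva + 8 * i))
            i += 1
        result[cstr(img, rva_to_off(img, name_rva))] = slots
        off += 20
    return result

def read_slot(img, slot_rva):
    return struct.unpack_from("<Q", img, rva_to_off(img, slot_rva))[0]

def iat_slot_offsets(img):
    return {rva_to_off(img, rva) + k for s in walk_imports(img).values() for _, rva in s for k in range(8)}

def bind_imports(img, dll_bases):
    """Simulate the loader's single pass: one 8-byte write per IAT slot and nothing else."""
    writes = 0
    for dll, slots in walk_imports(img).items():
        for name, slot_rva in slots:  # dll_bases stands in for where each DLL was mapped in this process
            struct.pack_into("<Q", img, rva_to_off(img, slot_rva), dll_bases[dll] + FAKE_EXPORT_RVA[name])
            writes += 1
    return writes

def two_processes():
    """Bind the same image in two 'processes' with different DLL bases; report (bytes differing, all in IAT?)."""
    a, b = build_pe(IMPORTS), build_pe(IMPORTS)
    bind_imports(a, {"KERNEL32.dll": 0x7FFB10000000, "USER32.dll": 0x7FFB20000000})
    bind_imports(b, {"KERNEL32.dll": 0x7FFB30000000, "USER32.dll": 0x7FFB40000000})
    diff = {i for i in range(len(a)) if a[i] != b[i]}
    return len(diff), diff <= iat_slot_offsets(a)

if __name__ == "__main__":
    img = build_pe(IMPORTS)
    print(bind_imports(img, {"KERNEL32.dll": 0x7FFB10000000, "USER32.dll": 0x7FFB20000000}), "IAT fixups")
    print({n: hex(read_slot(img, r)) for s in walk_imports(img).values() for n, r in s}, two_processes())
```

Two things worth noticing when you run it. First, walk_imports gives the same answer before and after binding because it reads the INT (OriginalFirstThunk), which is exactly why the PE format keeps a second copy of the thunk array: once the IAT holds addresses, the names are only recoverable from the INT. Second, the same walk is the basis of a routine IAT-hook check: for every bound slot, compare the value with the address the owning module's export table gives for that name; a slot pointing outside the expected module is what a hook looks like. The example deliberately leaves out what a real loader also deals with (forwarded exports, bound and delay-load imports, and the resolution step itself), so treat it as the shape of the pass, not a drop-in parser for arbitrary binaries.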