Question

I am learning FASM in a Windows XP environment. While reading some FASM source code, I found the invoke macro

invoke  MessageBox,0,[_strbuf],_msgcap,MB_ICONINFORMATION+MB_OK

and import macro.

import user,\
     MessageBox,'MessageBoxA',\
     wsprintf,'wsprintfA'

But I couldn't find any hard-coded address of MessageBoxA, nor any loading of user32.dll, in the assembly code. There are only macro definitions which label the string but not an address.

My assumption is this:

  1. There is code that loads user32.dll and returns the start address of the loaded DLL => here, let us call the returned address location A

  2. There are pairs of hard-coded addresses and labels (e.g. MessageBoxA = 0x00000000)

  3. So the 'call' instruction can call the MessageBoxA label (which will be converted to location A + MessageBoxA offset)

Is my assumption wrong? I wonder how APIs are called.

Thanks


Solution

Read the FASM documentation, it explains how MessageBoxA() is referenced in user32.dll.

Then read the MSDN documentation about how Windows executables actually work. Pay particular attention to the section about PE File Imports, which explains how the addresses of imported DLL functions are resolved at run-time.

In a nutshell, the import statement in FASM is setting up an entry in a lookup table within the compiled EXE file. The OS then fills in that lookup table when the EXE is loaded into memory before its code begins running.
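
The lookup table described in this answer, as an added example (not part of the original answer, and not FASM's or Windows' own code): it builds a constructed PE import section for user32.dll, then performs the loader's step of filling each import address table (IAT) slot. `BASE`, the export addresses and the helper names are assumptions made for the illustration.

```python
import struct

BASE = 0x2000  # constructed RVA where the sample import section is mapped

def build_import_section(dll, names):
    """Constructed sample: descriptors, lookup table, IAT, hint/name entries, DLL name."""
    n = len(names)
    ilt = BASE + 40                       # one 20-byte descriptor + all-zero terminator
    iat, pos = ilt + 4 * (n + 1), ilt + 8 * (n + 1)  # IAT after lookup table, names after IAT
    blob, thunks = b"", []
    for name in names:                    # hint/name entry: 2-byte hint + ASCIIZ name
        thunks.append(pos + len(blob))
        entry = struct.pack("<H", 0) + name.encode() + b"\0"
        blob += entry + b"\0" * (len(entry) % 2)     # keep entries 2-byte aligned
    desc = struct.pack("<5I", ilt, 0, 0, pos + len(blob), iat) + bytes(20)
    table = struct.pack(f"<{n + 1}I", *thunks, 0)    # on disk, lookup table and IAT match
    return bytearray(desc + table + table + blob + dll.encode() + b"\0")

def cstr(img, rva):
    return img[rva - BASE:img.index(0, rva - BASE)].decode()

def resolve_imports(img, exports):
    """Loader's job before the entry point runs: patch every IAT slot with a real address."""
    slots, d = {}, 0
    while True:
        ilt, _, _, name_rva, iat = struct.unpack_from("<5I", img, d)
        if not (ilt or name_rva or iat):  # all-zero descriptor ends the table
            return slots
        dll, i = cstr(img, name_rva).lower(), 0
        while (thunk := struct.unpack_from("<I", img, ilt - BASE + 4 * i)[0]):
            if thunk & 0x80000000:
                raise NotImplementedError("import by ordinal")
            func = cstr(img, thunk + 2)   # skip the 2-byte hint
            addr = exports[dll][func]     # KeyError here models an unresolved import
            struct.pack_into("<I", img, iat - BASE + 4 * i, addr)
            slots[func] = iat + 4 * i     # the slot an indirect call reads
            i += 1
        d += 20

# Constructed addresses; the real ones depend on where the DLL gets loaded.
EXPORTS = {"user32.dll": {"MessageBoxA": 0x77D41234, "wsprintfA": 0x77D45678}}

def demo():
    img = build_import_section("USER32.DLL", ["MessageBoxA", "wsprintfA"])
    slots = resolve_imports(img, EXPORTS)
    return slots, {f: struct.unpack_from("<I", img, r - BASE)[0] for f, r in slots.items()}

if __name__ == "__main__":
    print(demo())
```

The file on disk stores only the names; the addresses appear in the slots at load time, which is why none are hard-coded in the source.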

OTHER TIPS

Here's a screenshot from the free Dependency Walker tool.

Note: there is a function name, Ordinal and Entry Point.

So yes, what you inferred is pretty much it. The functions are linked at runtime instead of at compile time (DLL: Dynamic Link Library).


Licensed under: CC-BY-SA with attribution