What is Input Address Table and Input Name Table as displayed by dumpbin /imports?

Question

What is Input Address Table and Input Name Table as displayed by dumpbin /imports?

Dump of file c:\windows\System32\kernel32.dll

File Type: DLL

  Section contains the following imports:

    API-MS-Win-Core-RtlSupport-L1-1-0.dll
              78DBC000 Import Address Table
              78E18D58 Import Name Table
                     0 time date stamp
                     0 Index of first forwarder reference

My initial guess was, it is the RVA IMAGE_IMPORT_DESCRIPTOR.FirstThunk, but looking at the value for IAT, it looks quite large to be a RVA. I also guess, it cannot be an absolute address, as then the value would be meaningless (as that would mean w.r.t PE load address).

Use Case

I am creating a C++ Library to emulate dumpbin, and I am currently wondering what these two values would map to?

Answer 1

I believe that dumpbin is displaying these two values (FirstThunk and OriginalFirstThunk) as virtual addresses based on the preferred base address (image base) of the module.

In this example, the values are "ImageBase from optional header + FirstThunk/OriginalFirstThunk".