common windows functions

[baltoro]

Hi,
I'm new to assembly programming, but, have programmed C++ for Windows for years, and I'm curious about something.
When you invoke an existing windows function (for example, CreateWindow, referencing with includelib, user32.lib) from one of the standard assembly libraries, does the code execute a jump to the actual Microsoft Windows version of the function (for example, in User32.dll), or is the code a disassembly of the Windows version?

[hutch--]

It actually does that same as any other language that can call Windows API functions. The Windows API functions reside in the system DLLs that are loaded in memory and running applications make a DLL call when they call an API.

I have seen a long time ago the technique of copying the data from a system API to local executable memory and on old Win9x OS versions this sometimes made the API a bit faster but it does not seem to have any great advantage on modern NT based systems.

[baltoro]

Thanks Hutch, that's what I'd have guessed.

[drizz]

user32.lib, kernel32.lib... and others only contain descriptors (IMPORT_OBJECT_HEADER structs) for linker to create thunks in your executable, more precisely to make IAT (Import address table). When your exe is on disk, IAT contains only names, when your exe is loaded in memory windows_loader fills this IAT with actual addresses (from those system dlls), hence when you "invoke" a function it just executes a <call dword ptr [IAT]>, or <call> to <jump dword ptr[IAT]> (based on descriptors); there is no executable code linked. masm32.lib and other on the other hand have pure code and data that is linked to your exe (if you reference it) and executes directly from your exe file.