https://research32.blogspot.com/2014/12/iat-for-notepadexe.html
https://relearex.wordpress.com/2017/12/26/hooking-series-part-i-import-address-table-hooking/
When an executable is first loaded, the Windows loader is responsible for reading in the files PE structure and loading the executable image into memory. One of the other steps it takes is to load all of the dlls that the application uses and map them into the process address space.
The executable also lists all of the functions it will require from each dll. Because the function addresses are not static a mechanism had to be developed that allowed for the these variables to be changed without needing to alter all of the compiled code at runtime.
This was accomplished through the use of an import address table (IAT). This is a table of function pointers filled in by the windows loader as the dlls are loaded.
The EAT works in the same way as the IAT, apart from the library will be exporting the functions to the image executable, in which the program will import into the IAT (I won’t get into the nitty gritty details).
These two memory structures can be manipulated by malware in order to make the executable call some other function rather than the function intended to be called.