IAT hooking is a way to run malicious code by modifying the Import Address Table of a specific executable. Consisting to replace one legitimate function from imported DLL by a malicious one. IAT hooking and inline hooking are generally known as userland rootkits. IAT hooking is a technique that malware uses to change the import address table. When a legitimate application calls an API located in a DLL, the replaced function is executed instead of the original one. In contrast, with inline hooking, malware modifies the API function itself.