What is the code to FASM?

This is FASM code

format PE64 GUI
sub rsp,8*5
mov r9,0
lea r8,[_caption]
lea rdx,[_message]
mov rcx,0
call [MessageBoxA]
add rsp,40
sub rsp,16
mov ecx,eax
call [ExitProcess]
_caption db 'Win64 assembly program',0
_message db 'Hello World!',0
section '.idata' import data readable writeable
dd 0,0,0,RVA kernel_name,RVA kernel_table
dd 0,0,0,RVA user_name,RVA user_table
kernel_table:
ExitProcess dq RVA _ExitProcess
dq 0
user_table:
MessageBoxA dq RVA _MessageBoxA
dq 0
kernel_name db 'KERNEL32.DLL',0
user_name db 'USER32.DLL',0
_ExitProcess dw 0
db 'ExitProcess',0
_MessageBoxA dw 0
db 'MessageBoxA',0


I need to understand what these commands and parameters are.
I am mostly interested in these lines:
1)
sub rsp,8*5
add rsp,40
sub rsp,16

I know it's a backup and restore of the stack, but why?

2) Why are the registers r9, r8, rdx, rcx used in the program? I tried other registers and it did not work; the program just does not run.

3)
section '.idata' import data readable writeable
dd 0,0,0,RVA kernel_name,RVA kernel_table
dd 0,0,0,RVA user_name,RVA user_table
kernel_table:
ExitProcess dq RVA _ExitProcess
dq 0

What is it? What does dd mean? What does RVA mean?

4)
ExitProcess dq RVA _ExitProcess
dq 0


_ExitProcess dw 0
db 'ExitProcess',0

What are these lines?

Do not send me to Google; I have already been there and have not found anything concrete.
I took this code from a website. It displays "Hello World", but the author does not specifically say what is responsible for what.
March 19th 20 at 09:25
1 answer
March 19th 20 at 09:27
Solution
sub rsp,8*5
add rsp,40
sub rsp,16


I know it's a backup and restore of the stack, but why?


I'm not strong in the Windows ABI, but I suspect that space has to be reserved on the stack for all function parameters, even those that are passed via registers. Judging by this, that is the way it is. You can reserve the desired maximum (4 * 8) right away and not move rsp back and forth.

Why are the registers r9, r8, rdx, rcx used in the program? I tried other registers and it did not work; the program just does not run.


Read here, register usage.

What does dd mean? What does RVA mean?

dd == double word data, RVA == relative virtual address.

section '.idata' import data

Everything that goes in this section is needed to link the functions the program calls by name to the definitions of the functions MessageBox and ExitProcess in the libraries. To understand it, you should look up the format of this section.
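
The records in the '.idata' section discussed above can be read back field by field. This is an added example, not code from the question or the answer: it builds the same layout in Python and walks it the way a loader or a PE analysis tool does. The section RVA `BASE` is an assumed value, and the constructed data ends the descriptor list with an all-zero descriptor, which is how the PE format marks its end.

```python
import struct

BASE = 0x2000  # assumed RVA of the .idata section (constructed value)
DLLS = [(b"KERNEL32.DLL", [b"ExitProcess"]), (b"USER32.DLL", [b"MessageBoxA"])]

def build_idata():
    """Emit the listing's records: descriptors, thunk tables, DLL names, hint/name entries."""
    pos = 20 * (len(DLLS) + 1)            # dd x5 per DLL, plus an all-zero terminator
    table_off, name_off = [], []
    for _, funcs in DLLS:                 # kernel_table / user_table: dq per function + dq 0
        table_off.append(pos)
        pos += 8 * (len(funcs) + 1)
    for dll, _ in DLLS:                   # kernel_name / user_name
        name_off.append(pos)
        pos += len(dll) + 1
    desc = tables = names = hints = b""
    for (dll, funcs), t, n in zip(DLLS, table_off, name_off):
        desc += struct.pack("<5I", 0, 0, 0, BASE + n, BASE + t)
        names += dll + b"\0"
        for f in funcs:
            tables += struct.pack("<Q", BASE + pos)    # dq RVA _ExitProcess
            hints += struct.pack("<H", 0) + f + b"\0"  # dw 0 / db 'ExitProcess',0
            pos += 2 + len(f) + 1
        tables += struct.pack("<Q", 0)                 # dq 0 ends each table
    return desc + bytes(20) + tables + names + hints

def cstr(data, rva):
    """Read the zero-terminated ASCII string stored at an RVA."""
    off = rva - BASE
    return data[off:data.index(b"\0", off)].decode("ascii")

def parse_imports(data):
    """Walk the import descriptors and return {dll name: [imported names]}."""
    imports, off = {}, 0
    while True:
        _, _, _, name_rva, thunk_rva = struct.unpack_from("<5I", data, off)
        if name_rva == 0:                 # terminating descriptor
            break
        funcs, t = [], thunk_rva - BASE
        while (entry := struct.unpack_from("<Q", data, t)[0]) != 0:
            # bit 63 set means import by ordinal; otherwise RVA of dw hint + name
            funcs.append(f"#{entry & 0xFFFF}" if entry >> 63 else cstr(data, entry + 2))
            t += 8
        imports[cstr(data, name_rva)] = funcs
        off += 20
    return imports

if __name__ == "__main__":
    for dll, funcs in parse_imports(build_idata()).items():
        print(dll, funcs)
```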
